Overview

overview

7

Static

static

3

2024-09-27...er.exe

windows7-x64

7

2024-09-27...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-09-2024 08:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-09-27_8d555654fedb33946d5f85b2bd3ae002_cryptolocker.exe

  • Size

    44KB

  • MD5

    8d555654fedb33946d5f85b2bd3ae002

  • SHA1

    6a93a1860b2125fa363a2c7148ec9ba95ba3d774

  • SHA256

    3d95c66b66e6ed212f78136dc342e0f276fdfa0e59067190384a116b9cc41cd5

  • SHA512

    769f2dd05ff27f5a089aa4be554e08e51bc573da591204e654e0a95c6810ac3fa7251aef60e7efdaa13d5ec03dfda6d7b4e37169c943bcb3d68be314568da013

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBaac4HK/wSvuQTCyD/95WQS:X6QFElP6n+gJQMOtEvwDpjBsYK/fbDFA

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-27_8d555654fedb33946d5f85b2bd3ae002_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-27_8d555654fedb33946d5f85b2bd3ae002_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3516
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:864

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    45KB

    MD5

    ddd8c7b4bf7bb383042c270a09ee729e

    SHA1

    2d459b7a3ca88728283f45de0c589807a88ea1ca

    SHA256

    45fd836386d69eb843dd282fe88dbee7734bfe1e162e255440d3d4f17b6a22f0

    SHA512

    5b2a6ad57f523b6c39c7dbabba84662870e1cb5411515d14c1d04664715f133fb753c59b6bf40e702f6eddfc319db5a6bffa965c383e5c7d5664892de88f2ae4

    Download Submit

  • memory/864-17-0x00000000006B0000-0x00000000006B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/864-23-0x0000000000690000-0x0000000000696000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3516-0-0x00000000005F0000-0x00000000005F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3516-1-0x00000000005F0000-0x00000000005F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3516-2-0x0000000000610000-0x0000000000616000-memory.dmp

    Filesize

    24KB

    Download