Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-09-2024 20:25

General

  • Target

    2024-09-28_6de5800826e55c4a807716e4d2c80ec3_cryptolocker.exe

  • Size

    32KB

  • MD5

    6de5800826e55c4a807716e4d2c80ec3

  • SHA1

    1a5cdf4aeb22bf28a63c10166ecfa3b757deee03

  • SHA256

    bc137cd60bbe2f5da2816a93ad1b5b654117abe14dc8ab1b0207893a7b286f59

  • SHA512

    cf566703d6e54fb555f55a7bff81ad0c77ed79fb1b8af1245055d0f97865f2b3cf92c89b982e03b1b28fe1e1a18cc3a82a214948e4d173e2afabfb977778c403

  • SSDEEP

    768:qUmnjFom/kLyMro2GtOOtEvwDpjeMLam5axjm:qUmnpomddpMOtEvwDpjjaYaA

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-28_6de5800826e55c4a807716e4d2c80ec3_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-28_6de5800826e55c4a807716e4d2c80ec3_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1320
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4600

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    32KB

    MD5

    ddee684fe1320c838fa6f4ad6e9880c9

    SHA1

    978e187efdb21cc0301c59fdd19538cc13d208d5

    SHA256

    ae1340913bc985214d060ff9df6640e5eb5f91d0201f433c50285bd704c54ecb

    SHA512

    2fac9758fef9540315c68379ac28925f7c5a9289d0a4906fa723cbccb91e6fcb7c841ad150668a097968ffdd4482af03b56187db31cd3eb66d036380c29623d0

  • memory/1320-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

  • memory/1320-1-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

  • memory/1320-2-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

  • memory/1320-3-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

  • memory/1320-18-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

  • memory/4600-26-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB