Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/10/2024, 07:28

General

  • Target

    2024-10-04_626d72d9d7b098121b8e0c62729f90e4_cryptolocker.exe

  • Size

    62KB

  • MD5

    626d72d9d7b098121b8e0c62729f90e4

  • SHA1

    595c063043072002074be080e47d72c7e3ca2def

  • SHA256

    337636a582057f56ad523e65132d87aa65ab2decc28f5ccbd788e1b723fec5e4

  • SHA512

    783352a59df6784ea8b9ee3513f31a5a95e35698951e1888d57b7acd9714f91de80c6ccb5f56cb5acfdecec00bb6667e35131dcc043435bda3f0899b5da7047e

  • SSDEEP

    768:H6LsoEEeegiZPvEhHSG+gk5NQXtckstOOtEvwDpjhBaD3TUogs/VXpAP3qhA:H6QFElP6n+gou9cvMOtEvwDpjCpVXhhA

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-04_626d72d9d7b098121b8e0c62729f90e4_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-04_626d72d9d7b098121b8e0c62729f90e4_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3176
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4220

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\asih.exe

          Filesize

          62KB

          MD5

          a5dff39cd678503a25edde20d5441f5c

          SHA1

          506507523cd18f9b9f899d6e4597924004141d94

          SHA256

          0f382ebc2554e64772b0868a210f0d86a425fad36b53e831e5640e70c433160e

          SHA512

          6d1fb7941a1e81e8a6808aea15392ff910e1f935c40cca36ae7ba3eddc72cdb9087c0ae1a4b1c21445711c12bf341c01dbee944ec02ed64ad42cd882396fa23a

        • memory/3176-0-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

        • memory/3176-1-0x0000000000730000-0x0000000000736000-memory.dmp

          Filesize

          24KB

        • memory/3176-2-0x0000000000730000-0x0000000000736000-memory.dmp

          Filesize

          24KB

        • memory/3176-3-0x0000000000750000-0x0000000000756000-memory.dmp

          Filesize

          24KB

        • memory/3176-17-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

        • memory/4220-19-0x00000000004E0000-0x00000000004E6000-memory.dmp

          Filesize

          24KB

        • memory/4220-20-0x00000000006E0000-0x00000000006E6000-memory.dmp

          Filesize

          24KB

        • memory/4220-26-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB