Overview

overview

7

Static

static

5

2024-10-06...er.exe

windows7-x64

7

2024-10-06...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/10/2024, 01:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-10-06_dd0a0bc8e49cf6a2cc8c975685f3167f_cryptolocker.exe

  • Size

    40KB

  • MD5

    dd0a0bc8e49cf6a2cc8c975685f3167f

  • SHA1

    b964639c02d078ae8e17b71921d777371eacb3f2

  • SHA256

    e2e322c0457fc159a766450f4f03b5f049a2fbe1043912758f4df589dd9d2088

  • SHA512

    46c7a014eed716db6fd201d609a8d9c08d5ec64f5dfd329eaf4400b74da57259a2f6aa5804ac3cc8b75e5c99f25f9401cee925cabfc73afc1e7bc8b0c7173704

  • SSDEEP

    768:qTVbxjgQNQXtckstOOtEvwDpjAaD3TUogs/VXpAPWRiH:qTJu9cvMOtEvwDpjppVXzRi

Score
7/10
discoveryupx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-06_dd0a0bc8e49cf6a2cc8c975685f3167f_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-06_dd0a0bc8e49cf6a2cc8c975685f3167f_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:208
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1636

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    40KB

    MD5

    846dbaaf31e992dad7d75318d2743f71

    SHA1

    bd4596a0e10d29e3553512a7233eb6847b9424d2

    SHA256

    07e03243271b4576068204a7376476b956b93509d7aca2a062681a205d0d67ca

    SHA512

    bfb78ceb2f5b9153abc7ff7f882acc529bd224bb445b856f24c39f8a4e5e0789ec638348666245ab54719236a304ab7426f62f09d4a0192470b584f3c805e596

    Download Submit

  • memory/208-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/208-1-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/208-2-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/208-3-0x00000000006D0000-0x00000000006D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/208-18-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1636-20-0x00000000004E0000-0x00000000004E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1636-21-0x0000000000660000-0x0000000000666000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1636-27-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download