Overview

overview

7

Static

static

5

2024-10-10...er.exe

windows7-x64

7

2024-10-10...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/10/2024, 02:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-10-10_41fb8748baa34af8aa791e746f69eeb1_cryptolocker.exe

  • Size

    41KB

  • MD5

    41fb8748baa34af8aa791e746f69eeb1

  • SHA1

    8b5e9ccc5ec3b377e3786caea7acf54df94e9d5f

  • SHA256

    f145367b80f897c3094746cb1f96c119abe3007ea5254016ce79d8152ea5ec4c

  • SHA512

    a435c49b05b99db22c7a6f7a792cf4dd9c44fc59ee1a7b820693326e89e82ee271a9100d46af8a801df46f5e3afe9e2ee834d5a43295e1bf18fa699fdbd5189b

  • SSDEEP

    768:qTVbxjgQNQXtckstOOtEvwDpjAaD3TUogs/VXpAPWRip:qTJu9cvMOtEvwDpjppVXzRA

Score
7/10
discoveryupx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-10_41fb8748baa34af8aa791e746f69eeb1_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-10_41fb8748baa34af8aa791e746f69eeb1_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3184
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2764

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    41KB

    MD5

    9d73c8163d9e75711a162832380e7ffc

    SHA1

    73eeee5f1d2e0c3c15124d123aa6ee69726e2b66

    SHA256

    94a706977867673f21288396df13506d05f85c0394685ff2b3e96d10d2aa166f

    SHA512

    d9ba15e4de2e43095c5a27e21c033b940249eb9b6dbe034320659a0ba787ae15dd7c818243a8987460789c55287a2783c206a7b3bf630a169b619d7ce023ac47

    Download Submit

  • memory/2764-20-0x0000000001F70000-0x0000000001F76000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2764-26-0x00000000006B0000-0x00000000006B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2764-27-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3184-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3184-1-0x00000000006C0000-0x00000000006C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3184-2-0x00000000006C0000-0x00000000006C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3184-3-0x00000000006E0000-0x00000000006E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3184-17-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download