Overview

overview

7

Static

static

3

2024-10-12...er.exe

windows7-x64

7

2024-10-12...er.exe

windows10-2004-x64

7

Resubmissions

12/10/2024, 03:46

241012-ebxt7awcpm 10

12/10/2024, 03:33

241012-d4fwps1cne 7

12/10/2024, 03:32

241012-d347xavgqj 8

12/10/2024, 03:32

241012-d3m9dsvgnl 7

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2024, 03:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-10-12_37e70a501e43c8f4beb5ead5537b217c_cryptolocker.exe

  • Size

    48KB

  • MD5

    37e70a501e43c8f4beb5ead5537b217c

  • SHA1

    1258c1a191d81f9cc473690ef0c43d8d26ff29a5

  • SHA256

    a01e5c559ca7fc149420a26d46f13575b3e01daa19f2bdea0d9723c04ea1db35

  • SHA512

    7459d4787848912f1eba0749298952011df4e8696581b2cddc9af918605203b0b5c3e0f7f6e87c669a6fa70dae3d0b0d99ce2fca821928124d4603eaf0c0d82d

  • SSDEEP

    768:P6LsoEEeegiZPvEhHS5+Mh/QtOOtEvwDpjBpaD3TUogs/VXpAPcV:P6QFElP6k+MRQMOtEvwDpjBQpVX1

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-12_37e70a501e43c8f4beb5ead5537b217c_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-12_37e70a501e43c8f4beb5ead5537b217c_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1528
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3128

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    48KB

    MD5

    f7a49bee110777605d2190a6430ca560

    SHA1

    b88e4ba351781a87a65e0ef3366cf502e11ff954

    SHA256

    8561ca0a8a13f969ac5fdd01be725aa991f645533d8e8e25e72bde8d5aea23e6

    SHA512

    cb6bb26cceb518c343d90fce9c560b316bf26cb2851c1efe2cb83870577e2349ef1c4d5dcbf7d06a3e227601d9a2a51165fc5086d5f0d1c04208696eb5f00e58

    Download Submit

  • memory/1528-0-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1528-1-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1528-2-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1528-3-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1528-17-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3128-19-0x00000000006E0000-0x00000000006E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3128-25-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download