Overview

overview

7

Static

static

3

2024-10-12...er.exe

windows7-x64

7

2024-10-12...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    131s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2024, 02:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-10-12_75160c8131fac151827998cfd438f1d6_cryptolocker.exe

  • Size

    44KB

  • MD5

    75160c8131fac151827998cfd438f1d6

  • SHA1

    36fedb9d6ab95b681b43103b2a6ccc433aa5858c

  • SHA256

    8b21187890e946a15f9c12b2cbd996f4a8e44e9f4a08da23ef37e835a43c128b

  • SHA512

    dca49f25dff8436579834ecae70db11b7265e2c882b195a8b870a91434d5337ec760a4af73cea8fa3e3c9202700c3544153775a234eb908f666364e1bceef3e2

  • SSDEEP

    768:wHGGaSawqnwjRQ6ESlmFOsPoOdQtOOtEvwDpjm6WaJIOc+UPPEkL7vF1Tx:YGzl5wjRQBBOsP1QMOtEvwDpjgarrkLx

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-12_75160c8131fac151827998cfd438f1d6_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-12_75160c8131fac151827998cfd438f1d6_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2156

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          44KB

          MD5

          f42dc42b3b79d31b672b7b83b553d4c0

          SHA1

          3b7945200e35ad862a0751d57b16baaaa12495ff

          SHA256

          b2b657959190fb629ddc61b1f24ada4da90a1c02176d9b3e9341367e669f6522

          SHA512

          538798d5ba11fe22b0e1c694d6002393f78b172a718e21a3cc4049243bbca6d75ff29b0969e51a36629c4d10b0c843d52b1a8ebc870c4cca0a55c708cfb0b8f8

          Download Submit

        • memory/2156-16-0x0000000000500000-0x000000000050B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/2156-18-0x0000000000240000-0x0000000000246000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2156-19-0x0000000000300000-0x0000000000306000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2156-26-0x0000000000500000-0x000000000050B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/2968-1-0x00000000001D0000-0x00000000001D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2968-0-0x0000000000500000-0x000000000050B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/2968-2-0x0000000000290000-0x0000000000296000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2968-9-0x00000000001D0000-0x00000000001D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2968-14-0x0000000000500000-0x000000000050B000-memory.dmp

          Filesize

          44KB

          Download