Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/10/2024, 06:46

General

  • Target

    2024-10-12_a0a0b941a45ffa57cc990b6db49621e3_cryptolocker.exe

  • Size

    55KB

  • MD5

    a0a0b941a45ffa57cc990b6db49621e3

  • SHA1

    c14c52a299edbfa5a728a723ab4f6da924b41cfd

  • SHA256

    6faef10ee46b82c2b48add8311e3cf8e93521ff175cd53f2023914171d4f8f4f

  • SHA512

    c3bbb5ccd0a6847b394f24a996728dd7ad193d4747630cba9c7705b1eb09f1ec47bbb672135faeadafaa6e2e060fddda5c1c5430c2b27dd3105c46aeb1646471

  • SSDEEP

    768:bco/2n1TCraU6GD1P2wZEjbhxnbcuyD7U9kXDn62tH/1/LpPFPY:b7/y28wZEjbnouy8G76iH/NLpe

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-12_a0a0b941a45ffa57cc990b6db49621e3_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-12_a0a0b941a45ffa57cc990b6db49621e3_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2760
    • C:\Users\Admin\AppData\Local\Temp\rewok.exe
      "C:\Users\Admin\AppData\Local\Temp\rewok.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of UnmapMainImage
      PID:3008

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rewok.exe

    Filesize

    55KB

    MD5

    d8ab4e429ad965d13cf999a9a5fd79de

    SHA1

    3c06e44c46423b4ae0c5fe37d4579a877e89dd18

    SHA256

    8d9c0f8a32b1ba04ff57c0a179753c90b8c3cc8a841d787e3139128894db896e

    SHA512

    627cf5fc57e42255f34fca0bd1c63adc7a3f746c1e8be44a30dada40eafacc68a1ee2415ef5aaa77d91cda7988812d7da204f4a251bc2ac8e7bcc00bd1505378

  • memory/2760-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/2760-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

  • memory/2760-9-0x0000000000350000-0x0000000000356000-memory.dmp

    Filesize

    24KB

  • memory/2760-1-0x0000000000350000-0x0000000000356000-memory.dmp

    Filesize

    24KB

  • memory/3008-16-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB