Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/10/2024, 11:29

General

  • Target

    2024-10-13_d080b49b0c4a90b646f9467a7d2c6f2f_cryptolocker.exe

  • Size

    41KB

  • MD5

    d080b49b0c4a90b646f9467a7d2c6f2f

  • SHA1

    ccf199569356e6e77947c5efa288dbee26037f43

  • SHA256

    ef8e4f9eb6ef121c44bb81de96331ee18fd653a3b694808955bc4f6ba772c2ed

  • SHA512

    ae376758903ce5b494e0a7e3a8799268d3fd3579d15109af8ce7c371ea2a074ed8e233ec2b9bfeea9b791193f650b59152bc052053845e3a6aca29d9bb18edf7

  • SSDEEP

    768:wHGGaSawqnwjRQ6ESlmFOsPoOdQtOOtEvwDpjm6j4AYsqSh+DETkedmL:YGzl5wjRQBBOsP1QMOtEvwDpjl39+D+W

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, most likely for geofencing (deciding whether to run based on the victim's location).

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-13_d080b49b0c4a90b646f9467a7d2c6f2f_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-13_d080b49b0c4a90b646f9467a7d2c6f2f_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:384
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:5100
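
The process tree above is the evidence behind three of the signatures: the parent (PID 384) reads location-related registry values, writes asih.exe to %TEMP%, executes it (PID 5100), and calls WriteProcessMemory across processes. The following is an added example, not part of the Triage report or of the sample, that turns those three behaviours into detection logic over a short constructed trace. The event shape is a generic sandbox-style trace (not Sysmon, which does not record registry reads); the PIDs and paths mirror the tree above; the registry keys are assumptions (HKCU\Control Panel\International\Geo is where Windows stores the user GeoID that GetUserGeoID() returns, and HKLM\...\Control\Nls\Language holds the install language), since the report does not say which keys the sample actually queried.

```python
"""Correlate a constructed endpoint trace to flag the behaviours this report
attributes to the sample: location/language registry lookups, execution of a
freshly dropped EXE, and a cross-process WriteProcessMemory call."""
from dataclasses import dataclass

PARENT = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\2024-10-13_d080b49b0c4a90b646f9467a7d2c6f2f_cryptolocker.exe")
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\asih.exe"

# Constructed trace (not taken from the report). PID 2000 stands in for the
# launching shell; the registry keys are assumptions, see the lead-in.
EVENTS = [
    {"t": 0, "type": "proc_create", "pid": 384, "ppid": 2000, "image": PARENT},
    {"t": 1, "type": "reg_query", "pid": 384,
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"t": 2, "type": "reg_query", "pid": 384,
     "key": r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language",
     "value": "InstallLanguage"},
    {"t": 3, "type": "file_write", "pid": 384, "path": DROPPED},
    {"t": 4, "type": "proc_create", "pid": 5100, "ppid": 384, "image": DROPPED},
    {"t": 5, "type": "api", "pid": 384, "api": "WriteProcessMemory",
     "target_pid": 5100},
    {"t": 6, "type": "reg_query", "pid": 5100,
     "key": r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language",
     "value": "InstallLanguage"},
    # benign noise that must not fire: a non-EXE write by another process
    {"t": 7, "type": "file_write", "pid": 2000, "path": r"C:\Users\Admin\notes.txt"},
]

# Registry key suffixes (lower-cased) mapped to the signature they indicate.
LOCATION_KEYS = {
    r"\control panel\international\geo": "Checks computer location settings",
    r"\control\nls\language": "System Location Discovery: System Language Discovery",
}


@dataclass
class Finding:
    signature: str
    pid: int
    ioc: str


def detect(events):
    """Replay events in time order and return one Finding per matched IoC."""
    findings = []
    dropped = {}  # lower-cased path of an EXE written during the trace -> writer pid
    for ev in sorted(events, key=lambda e: e["t"]):
        kind = ev["type"]
        if kind == "reg_query":
            key = ev["key"].lower()
            for suffix, signature in LOCATION_KEYS.items():
                if key.endswith(suffix):
                    findings.append(Finding(signature, ev["pid"],
                                            ev["key"] + "\\" + ev["value"]))
        elif kind == "file_write" and ev["path"].lower().endswith(".exe"):
            dropped[ev["path"].lower()] = ev["pid"]
        elif kind == "proc_create":
            # "Executes dropped EXE": the image was written earlier in this trace.
            writer = dropped.get(ev["image"].lower())
            if writer is not None:
                findings.append(Finding("Executes dropped EXE", ev["pid"],
                                        f"{ev['image']} (written by pid {writer})"))
        elif (kind == "api" and ev["api"] == "WriteProcessMemory"
              and ev["target_pid"] != ev["pid"]):
            findings.append(Finding("Suspicious use of WriteProcessMemory", ev["pid"],
                                    f"wrote into pid {ev['target_pid']}"))
    return findings


def summarize(events):
    """Signature name -> number of IoCs, the same shape as the Signatures list."""
    counts = {}
    for f in detect(events):
        counts[f.signature] = counts.get(f.signature, 0) + 1
    return counts


if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f"{f.signature:55} pid={f.pid:<5} {f.ioc}")
    print(summarize(EVENTS))
```

The dropped-EXE rule keys on the file path seen in an earlier write event rather than on the parent PID, because the sandbox attributes the signature to the new process regardless of which process launched it; the WriteProcessMemory rule ignores self-writes, which are common in benign unpackers and would otherwise drown the cross-process case that matters here.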

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    41KB

    MD5

    3d7057df007c5510de6881280b24cf54

    SHA1

    711e4715a81ea71a2fef9efadf2293f08d993962

    SHA256

    d46c624bb137ee2cf8a64a953b4156b37536fd2bc1d1101269985ad524c03366

    SHA512

    aa4090728c9de0377f812b77614bea549b362647794e2ac376c2da76b2224951b048dd2fdcf0b3c0f556f5c41e113755b452d8871f7d78805cf13dcbba9575ab

  • memory/384-0-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

  • memory/384-1-0x00000000005D0000-0x00000000005D6000-memory.dmp

    Filesize

    24KB

  • memory/384-2-0x00000000005D0000-0x00000000005D6000-memory.dmp

    Filesize

    24KB

  • memory/384-3-0x00000000005F0000-0x00000000005F6000-memory.dmp

    Filesize

    24KB

  • memory/384-18-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

  • memory/5100-19-0x00000000006B0000-0x00000000006B6000-memory.dmp

    Filesize

    24KB

  • memory/5100-25-0x0000000000690000-0x0000000000696000-memory.dmp

    Filesize

    24KB

  • memory/5100-26-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB