Overview

overview

7

Static

static

5

2024-10-15...er.exe

windows7-x64

7

2024-10-15...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/10/2024, 02:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-10-15_86353115eb31fec2dbc50795e4084756_cryptolocker.exe

  • Size

    40KB

  • MD5

    86353115eb31fec2dbc50795e4084756

  • SHA1

    2e1f9202e8c28f3d11b8203fa42b529f684d03b3

  • SHA256

    b3b31ba4e4c2d0ca584f67ab209740c005d6d1fbe6ce6a2c29411a6652c494e5

  • SHA512

    8839a3b96b5e0207479e79a058298fc18ca510addd1b5a9e77f35e727a1424e84f36fc78fe445c1d34d009f9a531c13b77409e0bfbc17631a33bbd65799c2e71

  • SSDEEP

    768:q7PdFecFS5agQtOOtEvwDpjeMLZdzuqpXsiE8Wq/DpkITYaB01:qDdFJy3QMOtEvwDpjjWMl7TdW

Score
7/10
discoveryupx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-15_86353115eb31fec2dbc50795e4084756_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-15_86353115eb31fec2dbc50795e4084756_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3540

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    40KB

    MD5

    35eb3086543401e4a1c47c40ea1ffde6

    SHA1

    178215b35954efed37054c0e19b476928fdafcd7

    SHA256

    fbf4fb90e15132369cbf21d34530319b1916ed19ce49216494a4823e72127470

    SHA512

    6a36a2634d128e3d5081ab1dfc75d2207f5c1523610ff0c18538ea8d4acdab395a2cdabf2e9ee0471d08cb2f0ae421349b85dbdf94abeaf546bd5e96221f9d6c

    Download Submit

  • memory/2216-0-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2216-1-0x0000000000830000-0x0000000000836000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2216-2-0x0000000000830000-0x0000000000836000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2216-3-0x0000000000850000-0x0000000000856000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2216-18-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3540-20-0x00000000005A0000-0x00000000005A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3540-21-0x00000000005C0000-0x00000000005C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3540-27-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download