Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-11-2024 06:29

General

  • Target

    2024-11-02_1370f4900667c38b3b3626e0aa3e04b0_cryptolocker.exe

  • Size

    31KB

  • MD5

    1370f4900667c38b3b3626e0aa3e04b0

  • SHA1

    effeb21c642a8a002f4822a94360a5c140d06bf0

  • SHA256

    46fd1d0cff322d94259be3cfcdf9e1679de5962ff2c569a62e8e06755a77512f

  • SHA512

    24a1161f36502ee677146d645bb893e8014bbbe8f29b1a814dcc2f124941e4e08aac5bc9413a579e3a12df3ac4d6577211bffcab49628910fb8b8e517f696d1c

  • SSDEEP

    768:I6LsoEEeegiZPvEhHSG+gbIBrtOOtEvwDpj79:I6QFElP6n+gs5MOtEvwDpjp

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-02_1370f4900667c38b3b3626e0aa3e04b0_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-02_1370f4900667c38b3b3626e0aa3e04b0_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1868
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1292

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    31KB

    MD5

    e90676427e6038767ec8e0af344fb558

    SHA1

    a1cbe86ce75c057625a5f8c13aae0cc8b98b2b96

    SHA256

    c8c7dff7e37b03f52d0b6ac6154fc54cc19f0d180aef7429f89f14f2649b7a39

    SHA512

    5728424d9d379d86dc02fc365460c45a62c20bf77de1795c2c7cdf3d4ee9575e5d4c009d7b56bbb78220e04b73ceda609574da3b63e2b65dd34a51522b2cc8b9

  • memory/1292-19-0x00000000005A0000-0x00000000005A6000-memory.dmp

    Filesize

    24KB

  • memory/1292-20-0x00000000005C0000-0x00000000005C6000-memory.dmp

    Filesize

    24KB

  • memory/1292-26-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

  • memory/1868-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

  • memory/1868-1-0x0000000000670000-0x0000000000676000-memory.dmp

    Filesize

    24KB

  • memory/1868-2-0x0000000000670000-0x0000000000676000-memory.dmp

    Filesize

    24KB

  • memory/1868-3-0x0000000000760000-0x0000000000766000-memory.dmp

    Filesize

    24KB

  • memory/1868-17-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB