Analysis

  • max time kernel
    0s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/11/2024, 06:50

General

  • Target

    2024-11-21_7f574867f6897db88407e4f63fc14212_cryptolocker.exe

  • Size

    38KB

  • MD5

    7f574867f6897db88407e4f63fc14212

  • SHA1

    d5e3afb39364ea46242ff4456b12f0c8270e3b4e

  • SHA256

    50ab91dcf352962a972a2666743fd2d9ea1632523d57ccf70eaade757905b415

  • SHA512

    8229027b017d71d5d5d331012b9351a37ba942d014e590999f33d0dd5b53f248b3d3337884d18d1e95c31a514d09e37a45fc105f9f4ea89f53bdcb4cea6460d2

  • SSDEEP

    768:q7PdFecFS5agQtOOtEvwDpjeMLZdzuqpXsiE8Wq/DpkITH:qDdFJy3QMOtEvwDpjjWMl7TH

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-21_7f574867f6897db88407e4f63fc14212_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-21_7f574867f6897db88407e4f63fc14212_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    PID:5036
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
        PID:4020

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\asih.exe

      Filesize

      38KB

      MD5

      13b1b703b992c934d6703c4fd2211bf7

      SHA1

      8d7c2a57671d32c1f2cccf1e78b33c587bc08dc5

      SHA256

      bb97b4095ac4126d363dcbf94a13a2bad5aa232d771953ed4ddcb7dadcff779e

      SHA512

      0e8fb57a96bc4b832ecd4ebc428c53f41e8a483305f9f59a8227637462179fd2d50ee553366da74d2db8a5b76a1949bb5d1d6b57f5601109659fe6809391df8b

    • memory/4020-20-0x0000000002070000-0x0000000002076000-memory.dmp

      Filesize

      24KB

    • memory/4020-19-0x0000000002050000-0x0000000002056000-memory.dmp

      Filesize

      24KB

    • memory/4020-26-0x0000000000500000-0x0000000000510000-memory.dmp

      Filesize

      64KB

    • memory/5036-0-0x0000000000500000-0x0000000000510000-memory.dmp

      Filesize

      64KB

    • memory/5036-2-0x0000000000630000-0x0000000000636000-memory.dmp

      Filesize

      24KB

    • memory/5036-3-0x0000000000650000-0x0000000000656000-memory.dmp

      Filesize

      24KB

    • memory/5036-1-0x0000000000630000-0x0000000000636000-memory.dmp

      Filesize

      24KB

    • memory/5036-17-0x0000000000500000-0x0000000000510000-memory.dmp

      Filesize

      64KB