7d0e021592d106d0d79266b3ac9264c44791778a5901fbdce415cc09b1bcbd45 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2023-09-08_741856e1f8d98b34cea297029d906616_cryptolocker_JC.exe
Size

28KB
Sample

231031-sycpesae3s
MD5

741856e1f8d98b34cea297029d906616
SHA1

bfcdc972272e103e4b766dc59460ad95c5556903
SHA256

7d0e021592d106d0d79266b3ac9264c44791778a5901fbdce415cc09b1bcbd45
SHA512

c9f5f44d16a53329e9b6e872c7385a7800c627991681d870065138bbbdc8eac8b217ea3815c23aafa3c55311c83ed0a3bafed47a71317b4199aa390a4ce2f379
SSDEEP

384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSzng:b/yC4GyNM01GuQMNXw2PSjg

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  NEAS.2023-09-08_741856e1f8d98b34cea297029d906616_cryptolocker_JC.exe
- Size
  
  28KB
- MD5
  
  741856e1f8d98b34cea297029d906616
- SHA1
  
  bfcdc972272e103e4b766dc59460ad95c5556903
- SHA256
  
  7d0e021592d106d0d79266b3ac9264c44791778a5901fbdce415cc09b1bcbd45
- SHA512
  
  c9f5f44d16a53329e9b6e872c7385a7800c627991681d870065138bbbdc8eac8b217ea3815c23aafa3c55311c83ed0a3bafed47a71317b4199aa390a4ce2f379
- SSDEEP
  
  384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSzng:b/yC4GyNM01GuQMNXw2PSjg
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2