ce0c128d0dbd32f87f97c6e49e5c2605f30c8fdb797fc24d98e9d4d6ffdbcfa0

Analysis

max time kernel
0s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 12:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-01-06_9ba8aeeedbccc4ccb55cb3e156a2f81f_cryptolocker.exe
Size

119KB
MD5

9ba8aeeedbccc4ccb55cb3e156a2f81f
SHA1

a2552218ccf6ea181d10162c95770b73c06d37a3
SHA256

ce0c128d0dbd32f87f97c6e49e5c2605f30c8fdb797fc24d98e9d4d6ffdbcfa0
SHA512

21a627bc369fcec647eff78830fdf072445b1416668e4fae4fa4f68afe2108b7a1b56805db9b583a9580bb63ea4072172a42c99cad9ca0c6094fe4e05d7b7940
SSDEEP

768:gUQz7yVEhs9+4T/1bytOOtEvwDpjNbZ7uyA36S7MpxRIIXVe3mU9TYwlOBTZuNlu:gUj+AIMOtEvwDpjNbwQEIPlemUhYpqI

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation	2024-01-06_9ba8aeeedbccc4ccb55cb3e156a2f81f_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\2024-01-06_9ba8aeeedbccc4ccb55cb3e156a2f81f_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-06_9ba8aeeedbccc4ccb55cb3e156a2f81f_cryptolocker.exe"
1⤵
- Checks computer location settings
PID:3172
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  PID:4980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
92KB

MD5
a7fc0ecab32e51a117ab5517d67933a2

SHA1
f60a804c90ac823d2d86dc0c318a755b1d0df75f

SHA256
79bd4dee0eec2a6d70c9021ae5de97e99c6d2f0f365e80b7900d21b2e34f44bc

SHA512
26abc497ae939293abfd9314d1e71a96d2c1a950bdafcf038d81df6d3c9357204c2fc12dea26016e16d5526f15eb7c46ab05eacc7c85b2c38ee3df2c7cc3ba98

Download Submit
memory/3172-2-0x0000000000630000-0x0000000000636000-memory.dmp

Filesize
24KB

Download
memory/3172-1-0x0000000000600000-0x0000000000606000-memory.dmp

Filesize
24KB

Download
memory/3172-0-0x0000000000600000-0x0000000000606000-memory.dmp

Filesize
24KB

Download
memory/4980-17-0x00000000006C0000-0x00000000006C6000-memory.dmp

Filesize
24KB

Download
memory/4980-23-0x00000000006A0000-0x00000000006A6000-memory.dmp

Filesize
24KB

Download