Overview

overview

7

Static

static

3

2024-01-06...er.exe

windows7-x64

7

2024-01-06...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    99s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/01/2024, 12:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-06_fc9da26f7648a6d76d924e72c1ff8bc3_cryptolocker.exe

  • Size

    46KB

  • MD5

    fc9da26f7648a6d76d924e72c1ff8bc3

  • SHA1

    2267ad12712a52796147561f4f8525f0e37e35c7

  • SHA256

    62477ebe654244e051ce840d459d9737fced19d50b589bb6a953cb04ea7a580c

  • SHA512

    f1bac4dd0a2fbcdfffcd0ced15d6a141257db3e761d77facc4a939340780b2f92b45899d0b71d5f0179effadf4b97e7270584db6310e89e93056a52adda1ca87

  • SSDEEP

    768:bIDOw9UiaCHfjnE0Sf88AvvP1oghYvm9/6D8jnPxyV4tFVgt:bIDOw9a0Dwo3P1ojvUSD4PRtFVgt

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-06_fc9da26f7648a6d76d924e72c1ff8bc3_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-06_fc9da26f7648a6d76d924e72c1ff8bc3_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:5072
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    47KB

    MD5

    cb3033c15be89111c91b19a40c58e8b6

    SHA1

    e970edc9f4c33745ef669ca38e395f740b696dc0

    SHA256

    ec4ecbc751521018c5996c5a8416d3baf31469ec64412c578ac866ccf96eacfe

    SHA512

    d272925f3be45726318ba9f63926bd1e8be430400aee9103c8f7fed7e87a5681bb3b3392950193f57a7e82838267d88d78522e9e7af421a9252ffd87e84179a0

    Download Submit

  • memory/800-23-0x00000000005A0000-0x00000000005A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/800-17-0x00000000005C0000-0x00000000005C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5072-0-0x00000000005F0000-0x00000000005F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5072-1-0x00000000005F0000-0x00000000005F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5072-2-0x0000000002230000-0x0000000002236000-memory.dmp

    Filesize

    24KB

    Download