Overview

overview

7

Static

static

3

2024-01-08...er.exe

windows7-x64

7

2024-01-08...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    09/01/2024, 06:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-08_36037dff05c054da2d444f30cd114930_cryptolocker.exe

  • Size

    36KB

  • MD5

    36037dff05c054da2d444f30cd114930

  • SHA1

    06ef40b923b6cc42d5e4cb9574a9cd444ba80db4

  • SHA256

    a6e85284f9e23916ccbaf1d15f490d93e99b56913b4e219df3eb020d318d8025

  • SHA512

    b1f670b12e1e2ab8e362c7011241fd43298857dfa2cbde3ca965aeeb81bfad8fbc25b16fb84254d2cc0b7403b959e792d8ac5209b66c706683cb4b1b46c6c9e2

  • SSDEEP

    768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjLenriA:ZzFbxmLPWQMOtEvwDpjLeriA

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-08_36037dff05c054da2d444f30cd114930_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-08_36037dff05c054da2d444f30cd114930_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1888
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:2156

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\misid.exe
          Filesize

          37KB

          MD5

          6b0972f7db40ad04c61c3d24a58a033c

          SHA1

          3cbad8d3a0d7c5c8c2e7627e03bac5221815e665

          SHA256

          0edafb06b5f02279d431797551fc321154a8822592c0dbb27a02934aaaa4a41e

          SHA512

          c06425395051053840bd133a01e25b28c98ddf7038e71f523f391dfa1e505a494e8a01f34a9c5e5df5c2df39d4a464ee7ebe75d90c2bd76682d2686ac4ea7198

          Download Submit

        • memory/1888-0-0x0000000000320000-0x0000000000326000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1888-2-0x0000000000230000-0x0000000000233000-memory.dmp

          Filesize

          12KB

          Download

        • memory/1888-1-0x0000000000460000-0x0000000000466000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1888-4-0x0000000000320000-0x0000000000326000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2156-16-0x0000000000380000-0x0000000000386000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2156-17-0x0000000000240000-0x0000000000246000-memory.dmp

          Filesize

          24KB

          Download