Overview

overview

7

Static

static

3

2024-01-09...er.exe

windows7-x64

7

2024-01-09...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-01-2024 05:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-09_642cb2250d2c83eedf70d17532a29194_cryptolocker.exe

  • Size

    33KB

  • MD5

    642cb2250d2c83eedf70d17532a29194

  • SHA1

    efac32a2a1bb011632161e6f94399ec62eff1d29

  • SHA256

    c9193cfe9dcff83389d63bceeb62436a7b9e2910e43efb9cc6f4a74a5d7ea2af

  • SHA512

    9fc6f07f1970aee66311ae94a2403eec88457533acce3fc50d65dd021ce24c6058844f8293bb26b632b287afbdd26e9621d4d94765e3cf4c48c773b01d326c6c

  • SSDEEP

    384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznStEEr9VE/cog:b/yC4GyNM01GuQMNXw2PSjSKEBVE/c/

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-09_642cb2250d2c83eedf70d17532a29194_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-09_642cb2250d2c83eedf70d17532a29194_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3872
    • C:\Users\Admin\AppData\Local\Temp\retln.exe
      "C:\Users\Admin\AppData\Local\Temp\retln.exe"
      2⤵
      • Executes dropped EXE
      PID:3680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\retln.exe
    Filesize

    34KB

    MD5

    f12ea32a0df3bf812021b72e0dff24c1

    SHA1

    607728a54f3c1683781e1554f09fe0ceb78fd5ac

    SHA256

    abf153c94fdedd7859a0925f231946239ee0f3d40b08e7e04dfa25818895c723

    SHA512

    836242086d6033174ec0ea5b7fba60368f9f799dfb339cf9777d78b16ddd3da1df5109c9e61c58a56aeee7b669cfdf219ec644c3d1f246b97806c8e37870c875

    Download Submit

  • memory/3680-21-0x0000000002D60000-0x0000000002D66000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3872-0-0x0000000002160000-0x0000000002166000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3872-1-0x0000000002160000-0x0000000002166000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3872-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download