Overview

overview

7

Static

static

3

2024-01-09...er.exe

windows7-x64

7

2024-01-09...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-01-2024 05:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-09_adcf2315f8b460e1988bf5f49bf26b2f_cryptolocker.exe

  • Size

    34KB

  • MD5

    adcf2315f8b460e1988bf5f49bf26b2f

  • SHA1

    2c9d5e2532fe954fb752cc00b4e5f6a0fc08d872

  • SHA256

    88e11fcc6ec15c592db95fbd7d0005675041fb5c9a3770e86a62f38c3d4a2c94

  • SHA512

    6a2ff6e10fbec357b84cf3ee80a43caf2d8f4311d7dd50749c222e469d521105102cb3f1dbcd99023c3639ef81af84d9bcd3dd7baa3aa7c811f9b4c8d8b89b74

  • SSDEEP

    384:bAvMaNGh4z7CG3POOvbRSLoF/F0QU5XYFnufc/zzogFzpjufAq18st8O:bAvJCYOOvbRPDEgXVFzpCYVe

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-09_adcf2315f8b460e1988bf5f49bf26b2f_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-09_adcf2315f8b460e1988bf5f49bf26b2f_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3412
    • C:\Users\Admin\AppData\Local\Temp\demka.exe
      "C:\Users\Admin\AppData\Local\Temp\demka.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:4492

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\demka.exe
    Filesize

    34KB

    MD5

    9cd008f067fb6593b3eae5d5d346a3b0

    SHA1

    0c08cdb16f604b0050f9dab3c5b79bface209244

    SHA256

    37e7d18ffe7457c76ba9f385201f9b08e8bd952adbc410d9ed1899d27cbae565

    SHA512

    c75f24d978e989c3261d9d44391a897a61253e30d02bdc64c70005afa09dcb56d2963674bf4d3728ca9453f4dede14c3afa3c3692405bdf2b6cb70e417c36d29

    Download Submit

  • memory/3412-0-0x00000000022C0000-0x00000000022C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3412-1-0x00000000022C0000-0x00000000022C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3412-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4492-20-0x0000000002220000-0x0000000002226000-memory.dmp

    Filesize

    24KB

    Download