Overview

overview

10

Static

static

10

2024-01-24...er.exe

windows7-x64

9

2024-01-24...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24-01-2024 08:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-24_8365e2b7837a9833d4a47063ed7da14f_cryptolocker.exe

  • Size

    123KB

  • MD5

    8365e2b7837a9833d4a47063ed7da14f

  • SHA1

    cbe5ed303145eb0182e25b423dfc549dc5438e20

  • SHA256

    bae430335c05a03a20aa78e174b1655082ee2e269b3b87b124c6e6dc8c9f92ba

  • SHA512

    5e83ff18ec41ff2b6042a167f29e6a4777af0c3c15b58837d4e3dcd6de7c54b4e47b633e27ec5748fee1c544ccd1a0b3a559b10fab8f57f961b80f9980e0e846

  • SSDEEP

    1536:gUj+AIMOtEvwDpjNbwQEIPlemUhYwkkxE4qH:vCA9OtEvwDpjF

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-24_8365e2b7837a9833d4a47063ed7da14f_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-24_8365e2b7837a9833d4a47063ed7da14f_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1848
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:2728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    123KB

    MD5

    aab21adf9ab2c301170bff4f84772047

    SHA1

    dcccbd316dcc93a57e7dd3b600cfcf9815a8a5f1

    SHA256

    d613f57ad12e0a6151d14dbc00c48b588f14680cd667242274371096185405c6

    SHA512

    d8a74b9a4dbfdc7abd138b6d0179f8cebe60641b497bcb1370530fe5a5b86cca331d61cb925d83a6c8433eebcc58cd7579299242db1787c3ece081b9b977ab74

    Download Submit

  • memory/1848-0-0x0000000000250000-0x0000000000256000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1848-1-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1848-8-0x0000000000250000-0x0000000000256000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2728-15-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2728-22-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download