Overview

overview

10

Static

static

10

2024-01-26...er.exe

windows7-x64

9

2024-01-26...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    154s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-01-2024 00:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-26_1ac9bade3696de677c21217f66f1c720_cryptolocker.exe

  • Size

    32KB

  • MD5

    1ac9bade3696de677c21217f66f1c720

  • SHA1

    2d93187d0bb5f687ed63d56ffe64ec0b967baf9d

  • SHA256

    64f75fe5e267c4991c2d5cbf0c38afbfd7c993f7962ce91af8e847c1329ad440

  • SHA512

    68505b431f461b8e62432572b183e7ab35bd6a8e5994c6f02d8e658cb05a433e02ce5682c0b53c177e24734ee3062f02f8cc1df697e09c3084f694ab5099480a

  • SSDEEP

    384:bA74uGLLQRcsdeQ72ngEr4K7YmE8j60nrlwfjDUr766SJXTQke8SEG3+:bA74zYcgT/Ekd0ryfjQRSNhpSBu

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-26_1ac9bade3696de677c21217f66f1c720_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-26_1ac9bade3696de677c21217f66f1c720_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3688
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:2564

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    32KB

    MD5

    5bded3eb0fb21c2449c2168274f099d0

    SHA1

    27e198f8c5cf2d8935db72ce6b1cd264cb767ed5

    SHA256

    177f4fd31297876b40bd045d7f68c4c4e8c6c97e51ea160ebb7cdc877310e6e2

    SHA512

    6bf5cec65db31961e186616702228a6ba7de6f13ba5f0e7ebc2de1a6932bd212943ead2b236e2d913e31393d9c0b8aa567bcae173aea3206e9cb59be2bf8077f

    Download Submit

  • memory/2564-18-0x0000000002D60000-0x0000000002D66000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2564-17-0x0000000003010000-0x0000000003016000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3688-0-0x00000000022D0000-0x00000000022D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3688-1-0x00000000022D0000-0x00000000022D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3688-2-0x0000000003150000-0x0000000003156000-memory.dmp

    Filesize

    24KB

    Download