Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-01-2024 19:35

General

  • Target

    2024-01-26_946868b22d373d949c69b3763218db46_cryptolocker.exe

  • Size

    59KB

  • MD5

    946868b22d373d949c69b3763218db46

  • SHA1

    af19d722bd8cb56e6774bda6104918c96757d124

  • SHA256

    60eb711c3ec8eaf9d378f6b8d49a493f812ac16e01228c2301d9d3d60e2efd47

  • SHA512

    b7939eaa021c60aa5a49b4eb5c0a8f43ed255e4a8251e046bf0c911a4542e732e2ed60dde3012f92d592c39b789a3ca36736e7e2a0bc57c3d46093c2d96dbc22

  • SSDEEP

    768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4hdCY8EQMjpi/Wpi3B3URiLnuoUwUsfqB1b:vj+jsMQMOtEvwDpj5Hy7B3gG8xzUe

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 3 IoCs
  • Detection of Cryptolocker Samples 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    "C:\Users\Admin\AppData\Local\Temp\misid.exe"
    • Executes dropped EXE
    PID:2672
  • C:\Users\Admin\AppData\Local\Temp\2024-01-26_946868b22d373d949c69b3763218db46_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-26_946868b22d373d949c69b3763218db46_cryptolocker.exe"
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2608

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    30KB

    MD5

    7ef9ed4bdf38d8be4c8dd1debef30018

    SHA1

    e1ce3e7b6c6c3bee8bf2d48403d2cd2124d7530e

    SHA256

    389b06a1452629b86d57f1dcf970342f4d73e6446abe024e4156dfd6e5d3dd0d

    SHA512

    9d5e319409db86c2db45918f2214a13e3006998eea054ecd34433da6beefd4d5b915c8508a0824c49fcabe93a1491926d24095b21b4b000053f90c71ecf853fe

  • C:\Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    5KB

    MD5

    cde7bcbe1dde38fef43640b4013894e2

    SHA1

    69032801c9c9327b75e51cfe034c063bd9bb2959

    SHA256

    0ed9ac8f3af672dbf7503710691ee4b9338ce32458107f2777b763eef281dbbc

    SHA512

    406fe8e931e40febb76b9704043febfc1fe415eadf2f293fd770dfa0679ecd38fed3284774686a7f6a091270da16331c1d1f2f8e9364bae3a12142a141a68e41

  • \Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    60KB

    MD5

    08a7135c0d051b5de420aa1d658628bc

    SHA1

    7337982ca69645c45cff9f2666aa537f3baf08bd

    SHA256

    5b68e4940e1e2f8c4b090fc8a771f613f7e35efd650c07291986f4ba265fab37

    SHA512

    f79889ecdcca43646b2f79cb49e2125ee5f727b9f8c5f932ff364cb773820199ad0f50dcbae97fa1734491a8b9cbf95f707a79e9870a0275b1b96ae05f944782

  • memory/2608-0-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

  • memory/2608-2-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

  • memory/2608-1-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

  • memory/2672-15-0x00000000001D0000-0x00000000001D6000-memory.dmp

    Filesize

    24KB

  • memory/2672-16-0x0000000000200000-0x0000000000206000-memory.dmp

    Filesize

    24KB