Overview

overview

10

Static

static

10

2024-01-28...er.exe

windows7-x64

9

2024-01-28...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    157s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/01/2024, 19:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-28_3fb9cbd652c0f23b1181fb845b18a795_cryptolocker.exe

  • Size

    39KB

  • MD5

    3fb9cbd652c0f23b1181fb845b18a795

  • SHA1

    ea4278dd89afa8327543d4af4c474b0948430290

  • SHA256

    8ac7afd82899f1ca89e517c4697ecdac5e6f1650629881c473db4e65796cdf72

  • SHA512

    87197513ced82a01739c2502ab3e160db3e4be1505b4c376df401138c87ee512e67dfd07535ffdc1ee623936797a8c3c42a75fb101b59ee6b773d67d31f004a1

  • SSDEEP

    768:bgX4zYcgTEu6QOaryfjqDDw3sCu529hyr:bgGYcA/53GADw8Ch98

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-28_3fb9cbd652c0f23b1181fb845b18a795_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-28_3fb9cbd652c0f23b1181fb845b18a795_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1800
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:3380

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    39KB

    MD5

    4c829b2b44bb62408f030bb7615a0cd5

    SHA1

    d5456372b0462e46e86e61be87cfbc035833389b

    SHA256

    135f399e798c83aef710928155497413e00704ebb1e66c887f9f48d7a6fb9c05

    SHA512

    3c1688625f11f1821a30f194d4b90963d87cf8cff8e342ea570958a02ab1b00c4ff53f13bbb08ce2d072539ad7a12d0d07c6e841d1e23e48998e1b224bd39845

    Download Submit

  • memory/1800-0-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1800-1-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1800-2-0x0000000003150000-0x0000000003156000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3380-17-0x0000000002190000-0x0000000002196000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3380-20-0x0000000000780000-0x0000000000786000-memory.dmp

    Filesize

    24KB

    Download