Overview

overview

10

Static

static

10

2024-01-29...er.exe

windows7-x64

9

2024-01-29...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    145s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-01-2024 11:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-29_022875d8858cb4afe1976d0f7a9ff71c_cryptolocker.exe

  • Size

    75KB

  • MD5

    022875d8858cb4afe1976d0f7a9ff71c

  • SHA1

    08aa27c3bb6d44dde60ff50ebefe924b0bb9fc8d

  • SHA256

    06319e8ac391fd4a744e1e5376da8eea989b274f2ff445f96bc2f0b0c471c1fc

  • SHA512

    d5649137a9711d0eefb44880ce79f2ebce40c86154f15fb7e9e7da7547960d2b173e871108f5d790181e199ece21b1075c6166371e01db87ab27e1fd8939f76b

  • SSDEEP

    1536:ZzFbxmLPWQMOtEvwDpj386Sj/WprgJN6tZdOyJ3KEWTF:ZVxkGOtEvwDpjcaxM

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-29_022875d8858cb4afe1976d0f7a9ff71c_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-29_022875d8858cb4afe1976d0f7a9ff71c_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:640
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:4524

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    75KB

    MD5

    27f1b9ac49dd5e85243e19385532217e

    SHA1

    92c35fae612ba260b992f0733ea91fd579074d29

    SHA256

    28f85f3b0cb0e5f125db2275aa4634d6deb5c88eac7e4b7ef4fcd6bf77e820fc

    SHA512

    0ff91854524a82c291a0be17b2c2da2e0f9ac3a70b81c99a22fd725ba5862ab21f0f9f14e2139c43b511680875640ac930ca08754eb2572943f3dad37b8689fe

    Download Submit

  • memory/640-0-0x00000000004E0000-0x00000000004E3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/640-1-0x0000000002210000-0x0000000002216000-memory.dmp

    Filesize

    24KB

    Download

  • memory/640-2-0x0000000002210000-0x0000000002216000-memory.dmp

    Filesize

    24KB

    Download

  • memory/640-3-0x0000000002240000-0x0000000002246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/640-17-0x00000000004E0000-0x00000000004E3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4524-19-0x0000000002050000-0x0000000002056000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4524-21-0x0000000002140000-0x0000000002146000-memory.dmp

    Filesize

    24KB

    Download