Overview

overview

10

Static

static

10

2024-01-29...er.exe

windows7-x64

9

2024-01-29...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-01-2024 12:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-29_b279dae102b7028f011e99a67d1bc899_cryptolocker.exe

  • Size

    59KB

  • MD5

    b279dae102b7028f011e99a67d1bc899

  • SHA1

    74802d34ee38ccccaca5f3eea03274e23e9f4bcc

  • SHA256

    1b2bd15f58253b073f62082c4748757d7c282ff070a2f65a6b7c3ef8d49222d8

  • SHA512

    14eca1ee1bac1e0c7328390b0ea6593c9a256b344c085edb9f5dc1545e93347ffb44f5b6bf4cf8a73b4c31b8ac83de88273d39de9ad6fda290fe8b09b22a1453

  • SSDEEP

    1536:Tj+jsMQMOtEvwDpj5HmpJpOUHECgNMo0vp2EMp:TCjsIOtEvwDpj5HE/OUHnSMK

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 5 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-29_b279dae102b7028f011e99a67d1bc899_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-29_b279dae102b7028f011e99a67d1bc899_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4696
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:4116

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    60KB

    MD5

    a7689ea06cb7f272e7b0ea9147ef20af

    SHA1

    2807b140d0a287fdab5836e73afa7c7940c3a6f2

    SHA256

    a06729e552b94d51f5f5cf63187a3685fd5a77f6de94e45612b3a61de1dd0e0d

    SHA512

    9d968f1c8e527f9fd1df1163e4120f0e0f27888c61fa0854f61ce01552a3e83a94b160e87251a15a80c9d9c5452b34a8e1b37557ef53a515e72baf5444e70b5f

    Download Submit

  • memory/4116-18-0x0000000000500000-0x000000000050E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4116-20-0x0000000002000000-0x0000000002006000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4116-26-0x0000000001FD0000-0x0000000001FD6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4116-55-0x0000000000500000-0x000000000050E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4696-0-0x0000000000500000-0x000000000050E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4696-1-0x00000000005E0000-0x00000000005E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4696-2-0x00000000005E0000-0x00000000005E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4696-3-0x0000000000600000-0x0000000000606000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4696-17-0x0000000000500000-0x000000000050E000-memory.dmp

    Filesize

    56KB

    Download