Overview

overview

10

Static

static

10

2024-02-02...er.exe

windows7-x64

9

2024-02-02...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    02/02/2024, 19:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-02_59072c988687c1527275ff4c7ad88d4a_cryptolocker.exe

  • Size

    62KB

  • MD5

    59072c988687c1527275ff4c7ad88d4a

  • SHA1

    afbce4428c21cd153b359f762162d4ddd31e0510

  • SHA256

    309c6fa866aa701e8ee6089865aa89d409dd596977b41b10220da3cb1cb2affc

  • SHA512

    ae37b60f5d6f833377ea77a513ac3d5abb48aad204e87e0d22cb5ad1453a99c0bda34dec058bebd13fd07da4f4b4cdd92877dbad2de1d22db43378512cc598f0

  • SSDEEP

    768:6Qz7yVEhs9+4OR7tOOtEvwDpjLHqPOYRmNxt5I52kGEO10KmB:6j+1NMOtEvwDpjr8ox8UDEy0KmB

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 5 IoCs
  • Detects executables built or packed with MPress PE compressor 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-02_59072c988687c1527275ff4c7ad88d4a_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-02_59072c988687c1527275ff4c7ad88d4a_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:2664

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\misid.exe
          Filesize

          63KB

          MD5

          3f3209c6f6ea231afb5d5af40d7a11df

          SHA1

          e05ebf905c875ab33e7f28bec9df259537d5ad5b

          SHA256

          abf86212a5ee31adc9ad9aa2b72806be860624f28c15ead0bfabedb795c722cd

          SHA512

          bbe71306ac61fdd5f513e8e17a4bc4d3750c462b52494a658d931791e3d3629a3fc418d6407eac0813055f5bf6c1dea6b2252abef9500d46ec8fe69fc167704a

          Download Submit

        • memory/2416-0-0x0000000000500000-0x000000000050F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2416-1-0x00000000002C0000-0x00000000002C6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2416-2-0x00000000002F0000-0x00000000002F6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2416-3-0x00000000002C0000-0x00000000002C6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2416-15-0x0000000000500000-0x000000000050F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2664-16-0x0000000000500000-0x000000000050F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2664-18-0x0000000000360000-0x0000000000366000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2664-21-0x0000000000330000-0x0000000000336000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2664-26-0x0000000000500000-0x000000000050F000-memory.dmp

          Filesize

          60KB

          Download