Analysis
-
max time kernel
83s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
03-02-2024 05:24
General
-
Target
2024-02-03_157c6b642b7a4d7e972334f1794ecc3f_cryptolocker.exe
-
Size
33KB
-
MD5
157c6b642b7a4d7e972334f1794ecc3f
-
SHA1
26931d5cd9af83d13160820170c9af647ba1ce91
-
SHA256
967eb9f68fd3e1a75f05dba6b84f695dd4c9a0eaa0a81b36f2c2a57cd1afc4d5
-
SHA512
26129975b63c39205c5c1705fa3f87d29cf979b061578a928f16d2795028ce7c86dbeb6cbb6ce606be5dd5b4046ea859d48e2195b6f3948ec80d88cde466ca9e
-
SSDEEP
384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznHzu02lOQAk:b/yC4GyNM01GuQMNXw2PSjHC02ltAk
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-03_157c6b642b7a4d7e972334f1794ecc3f_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-03_157c6b642b7a4d7e972334f1794ecc3f_cryptolocker.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\retln.exe"C:\Users\Admin\AppData\Local\Temp\retln.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
33KB
MD57b266fddbf3757441ca57ccfee5299fd
SHA18f86dda7fa3479a153c1595504268ddfb3d8db75
SHA256d3dfb5fd859216cd607c114fa74727e59d28d6f557c138ed91428eab1f33f3b2
SHA5121fbec064777e61d4bbe6ed896ea77950de445e64924dd8f02e7c68c5a5dfefe4c393a44f77de9862790b44f93f68b34770d1c24452c9bb4bb64ea8576809485f
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB