Overview

overview

10

Static

static

10

2024-02-03...er.exe

windows7-x64

9

2024-02-03...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/02/2024, 07:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-03_894c20d5ac0dbd5415856315f153245d_cryptolocker.exe

  • Size

    119KB

  • MD5

    894c20d5ac0dbd5415856315f153245d

  • SHA1

    a8802f9fb0cc782bccdeae235fff0468c80ae415

  • SHA256

    a2ac38cbf80ff908a07342ceeb7361ee80242451367d75689ec1a98facdb9da7

  • SHA512

    7afbec3633400bec690bb9df56b076eaad3596d7d7b7e5003698c9c322853d3bc0024169d48f5713a4a4e480684987390c397ac6c3ff77e9de1e261cb2077b3f

  • SSDEEP

    768:gUQz7yVEhs9+4T/1bytOOtEvwDpjNbZ7uyA36S7MpxRIIXVe3mU9TYwlOBT+:gUj+AIMOtEvwDpjNbwQEIPlemUhYO

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-03_894c20d5ac0dbd5415856315f153245d_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-03_894c20d5ac0dbd5415856315f153245d_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:5012
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:3276

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\misid.exe
          Filesize

          119KB

          MD5

          92902173161bb26a34bb81b7ad147d99

          SHA1

          f82e259d6347ed85bc03fda6fc84da720a5f8247

          SHA256

          51bbbb0fcfe940cbea1044256d331a0e360cc544133db09a9f128d8b2cc3dddc

          SHA512

          d38aa038b7e35567c06d672ab734edc544e237b364c77ff1b04f1e1a9ab059c02e204d6f71009e97df1332e4af75b3dd95bef1763e27d7851a0b1b50b7ed6da2

          Download Submit

        • memory/3276-17-0x00000000006D0000-0x00000000006D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3276-20-0x00000000006B0000-0x00000000006B6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/5012-0-0x0000000000520000-0x0000000000526000-memory.dmp

          Filesize

          24KB

          Download

        • memory/5012-1-0x0000000000520000-0x0000000000526000-memory.dmp

          Filesize

          24KB

          Download

        • memory/5012-2-0x0000000000550000-0x0000000000556000-memory.dmp

          Filesize

          24KB

          Download