Analysis

  • max time kernel
    87s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-02-2024 08:36

General

  • Target

    2024-02-03_b63b5bd7b1a738ede6090e4ea78f490b_cryptolocker.exe

  • Size

    90KB

  • MD5

    b63b5bd7b1a738ede6090e4ea78f490b

  • SHA1

    8145096068f7e0cb181e61978ad11122047148d6

  • SHA256

    166ccac4202895f8c2733eb19de8abd13cea444828e2ecd3e2fbe196dc97b35f

  • SHA512

    c1169aafd8a2b11d9f156f24398d39f4801fe3aa5313447aec8b7711a0c14f0ab62b08f10ebe04bde8cf0c3122b01d02cd19130c5a97c33a5ef36c639104bdbc

  • SSDEEP

    1536:zj+soPSMOtEvwDpj4ktBl01hJl8QAPM8Ho6cRMy87UvP:zCsanOtEvwDpjq

Score
9/10
upx

Malware Config

Signatures

  • Detection of CryptoLocker Variants 4 IoCs
  • Detection of Cryptolocker Samples 4 IoCs
  • UPX dump on OEP (original entry point) 4 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs
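The "UPX packed file" and "UPX dump on OEP" signatures above rest on a few structural facts about UPX output. The following is an added example, not Triage's signature code and not taken from this sample: it walks a PE section table and reports those indicators. The assumptions are mine and are not stated in the report: stock UPX names its sections UPX0/UPX1 (a "modified UPX" build may rename them), leaves the first section with no raw data on disk because it is filled at run time, and places the compressed payload plus the decompressor stub in a high-entropy section that also holds the PE entry point (the real OEP only exists once the stub has unpacked into the first section, which is why the dump is taken at OEP). The three PE images below are constructed inline for illustration.

```python
"""Added example, not Triage's own signature logic and not this sample:
flag UPX-style packing from a PE section table. Assumptions (mine):
stock UPX section names, an empty-on-disk first section, and a
high-entropy section that holds the entry point. Sample PEs are
constructed inline."""
import math
import random
import struct

UPX_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
HIGH_ENTROPY = 7.0  # bits per byte; compressed or encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Return (entry_rva, [(name, vsize, vaddr, rawsize, raw_bytes), ...])."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    nsect = struct.unpack_from("<H", pe, coff + 2)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]    # SizeOfOptionalHeader
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]    # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        off = opt + opt_size + i * 40                        # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, off)
        sections.append((name.rstrip(b"\0"), vsize, vaddr, rawsize, pe[rawptr:rawptr + rawsize]))
    return entry_rva, sections


def upx_indicators(pe: bytes) -> dict:
    entry, sections = parse_sections(pe)
    entry_sect = next((s for s in sections if s[2] <= entry < s[2] + max(s[1], s[3])), None)
    first_empty = bool(sections) and sections[0][3] == 0 and sections[0][1] > 0
    high = [s[0] for s in sections if shannon_entropy(s[4]) >= HIGH_ENTROPY]
    upx_named = [s[0] for s in sections if s[0] in UPX_NAMES]
    packed_entry = entry_sect is not None and entry_sect[0] in high
    return {
        "upx_named": upx_named,
        "first_section_empty_on_disk": first_empty,
        "high_entropy_sections": high,
        "entry_in_high_entropy_section": packed_entry,
        # names alone catch stock UPX; the structural pair also catches renamed builds
        "packed": bool(upx_named) or (first_empty and packed_entry),
    }


def build_pe(sections, entry_rva: int) -> bytes:
    """Assemble a minimal PE32 from (name, vsize, vaddr, raw_bytes) tuples (test fixture)."""
    opt_size, raw_ptr = 0xE0, 512
    table, raw = b"", b""
    for name, vsize, vaddr, data in sections:
        ptr = raw_ptr + len(raw) if data else 0
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr, len(data), ptr, 0, 0, 0, 0, 0)
        raw += data
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = (struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", entry_rva)).ljust(opt_size, b"\0")
    header = dos + b"PE\0\0" + coff + opt + table
    assert len(header) <= raw_ptr
    return header.ljust(raw_ptr, b"\0") + raw


_rng = random.Random(20240203)                                # deterministic "compressed" bytes
_blob = bytes(_rng.getrandbits(8) for _ in range(4096))
# Constructed stock-UPX layout: empty UPX0, payload+stub in UPX1, entry inside UPX1.
PACKED = build_pe([(b"UPX0", 0x10000, 0x1000, b""),
                   (b"UPX1", 0x6000, 0x11000, _blob),
                   (b".rsrc", 0x1000, 0x17000, b"\0" * 512)], entry_rva=0x16000)
# Same structure with renamed sections, as a modified UPX build would present.
RENAMED = build_pe([(b".text0", 0x10000, 0x1000, b""),
                    (b".text1", 0x6000, 0x11000, _blob),
                    (b".rsrc", 0x1000, 0x17000, b"\0" * 512)], entry_rva=0x16000)
# Unpacked control: code and data on disk, low entropy, entry in .text.
PLAIN = build_pe([(b".text", 0x1000, 0x1000, b"\x55\x8b\xec" * 300 + b"\xc3"),
                  (b".data", 0x1000, 0x2000, b"Hello" * 100)], entry_rva=0x1000)

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("renamed", RENAMED), ("plain", PLAIN)):
        print(label, upx_indicators(img))
```

Against a real file, read it with `open(path, "rb").read()` and pass it to `upx_indicators`; the structural checks are the ones worth keeping, since section renaming is the cheapest change a "modified UPX" makes and entropy plus an empty first section survive it.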

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-03_b63b5bd7b1a738ede6090e4ea78f490b_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-03_b63b5bd7b1a738ede6090e4ea78f490b_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:5088
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:1944

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    90KB

    MD5

    dc08bfd1f7931cc013d2a69dd0a8be60

    SHA1

    804fa712770d16f76579f2f0504ba0c81f86ee68

    SHA256

    d9593ee0e33d839f963dae02e89c21e579d017836501ef8967a82f866a043e34

    SHA512

    e982678e0ca9f2f9b8e894febd23ef013b3c1e04d6f8c6b2a4e1b492b714adecf7cb5c65e4035993be0dd8ea02a807aeb5fac58186f1f1d16e68b08571e97814

  • memory/1944-22-0x00000000005B0000-0x00000000005B6000-memory.dmp

    Filesize

    24KB

  • memory/1944-19-0x00000000005D0000-0x00000000005D6000-memory.dmp

    Filesize

    24KB

  • memory/1944-52-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/5088-0-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/5088-3-0x0000000002060000-0x0000000002066000-memory.dmp

    Filesize

    24KB

  • memory/5088-2-0x00000000021C0000-0x00000000021C6000-memory.dmp

    Filesize

    24KB

  • memory/5088-1-0x00000000021C0000-0x00000000021C6000-memory.dmp

    Filesize

    24KB

  • memory/5088-17-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB
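The memory dump names above encode the process, the dump index and the virtual address range, so the listed Filesize can be cross-checked against the range, and the dropped-file hashes can be checked for well-formedness before they are pushed into a blocklist. The following is an added example, not part of the report or of Triage: the entries are copied from the Downloads list above, the naming pattern `memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp` is my reading of those names, and the script only reports what the names state (it does not say what the regions contain).

```python
"""Added example, not from the report or from Triage: parse the Downloads
list above, check each dump's stated size against its address range,
check hash lengths, and list ranges dumped from more than one PID.
Entries are copied from the report; the name pattern is my assumption."""
import re

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Copied from the report's Downloads section; 'size' is the report's Filesize string.
ARTIFACTS = [
    {"name": r"C:\Users\Admin\AppData\Local\Temp\misid.exe", "size": "90KB",
     "MD5": "dc08bfd1f7931cc013d2a69dd0a8be60",
     "SHA1": "804fa712770d16f76579f2f0504ba0c81f86ee68",
     "SHA256": "d9593ee0e33d839f963dae02e89c21e579d017836501ef8967a82f866a043e34",
     "SHA512": "e982678e0ca9f2f9b8e894febd23ef013b3c1e04d6f8c6b2a4e1b492b714adec"
               "f7cb5c65e4035993be0dd8ea02a807aeb5fac58186f1f1d16e68b08571e97814"},
    {"name": "memory/1944-22-0x00000000005B0000-0x00000000005B6000-memory.dmp", "size": "24KB"},
    {"name": "memory/1944-19-0x00000000005D0000-0x00000000005D6000-memory.dmp", "size": "24KB"},
    {"name": "memory/1944-52-0x0000000000500000-0x0000000000510000-memory.dmp", "size": "64KB"},
    {"name": "memory/5088-0-0x0000000000500000-0x0000000000510000-memory.dmp", "size": "64KB"},
    {"name": "memory/5088-3-0x0000000002060000-0x0000000002066000-memory.dmp", "size": "24KB"},
    {"name": "memory/5088-2-0x00000000021C0000-0x00000000021C6000-memory.dmp", "size": "24KB"},
    {"name": "memory/5088-1-0x00000000021C0000-0x00000000021C6000-memory.dmp", "size": "24KB"},
    {"name": "memory/5088-17-0x0000000000500000-0x0000000000510000-memory.dmp", "size": "64KB"},
]


def parse_size(text: str) -> int:
    """'24KB' -> 24576. The report prints whole units, so this is exact only for dumps."""
    m = re.fullmatch(r"(\d+)(B|KB|MB)", text.strip())
    if not m:
        raise ValueError(f"unrecognised size {text!r}")
    return int(m.group(1)) * {"B": 1, "KB": 1024, "MB": 1024 ** 2}[m.group(2)]


def parse_dump(name: str):
    """Decode a dump name into pid/index/range, or None for non-dump artifacts."""
    m = DUMP_RE.match(name)
    if not m:
        return None
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "index": int(m["idx"]), "start": start, "end": end, "length": end - start}


def check_artifacts(artifacts):
    """Return (name, problem) pairs for entries that do not self-check; [] when all agree."""
    problems = []
    for a in artifacts:
        d = parse_dump(a["name"])
        if d:
            if d["length"] != parse_size(a["size"]):
                problems.append((a["name"], f"range {d['length']} != stated {a['size']}"))
        else:
            for alg, n in HASH_LEN.items():
                h = a.get(alg, "")
                if len(h) != n or not re.fullmatch(r"[0-9a-f]+", h):
                    problems.append((a["name"], f"{alg} malformed"))
    return problems


def shared_regions(artifacts):
    """Map (start, end) -> sorted PIDs for ranges dumped from more than one process."""
    seen = {}
    for a in artifacts:
        d = parse_dump(a["name"])
        if d:
            seen.setdefault((d["start"], d["end"]), set()).add(d["pid"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    print("problems:", check_artifacts(ARTIFACTS))
    for (start, end), pids in shared_regions(ARTIFACTS).items():
        print(f"0x{start:X}-0x{end:X} dumped from PIDs {pids}")
```

On this report every dump length matches its stated size (0x6000 is exactly 24KB, 0x10000 exactly 64KB), and the 0x500000-0x510000 range appears in both PID 5088 and PID 1944; the report itself does not say what that region holds, so treat the overlap as a pointer for manual comparison of the two dumps rather than a finding.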