Overview

overview

10

Static

static

10

2024-02-04...er.exe

windows7-x64

9

2024-02-04...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    141s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-02-2024 08:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-04_fe4e1491a7a71f05c6ed7cc8901722f2_cryptolocker.exe

  • Size

    46KB

  • MD5

    fe4e1491a7a71f05c6ed7cc8901722f2

  • SHA1

    8909f2dc6f85b20732b1d196229003772dacbd8a

  • SHA256

    6b725333797174984d4099b2f546ea2936eded25ab6427569c3699c55ab8ffc4

  • SHA512

    192bfbe579b6de87131cd535e5fc01bfe8815ace729a9c85d67c529ac8c08caa451cce0fbbe3ddd006fd359e19db42b9a830bb4b40684e96b337af1d63758af4

  • SSDEEP

    768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4/Uth8igNrr46xdUUujKe7:vj+jsMQMOtEvwDpj5Hczer5ixjKe7

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-04_fe4e1491a7a71f05c6ed7cc8901722f2_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-04_fe4e1491a7a71f05c6ed7cc8901722f2_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4480
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:3936

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    46KB

    MD5

    38af9222bfdae9f8e37cf510d828948e

    SHA1

    1deef51ffa8d774994587671f0ffe2dc7de4976f

    SHA256

    5b031cde2ea298b833f3b34c3a3357ef7fd6ebceba2914957fd9ec9f7ac0fb6c

    SHA512

    5c5c8f6c783ad10b8c7a079a886ba9c0732fa07b74c9d3c63a65369181ce5b2ad713b0ad295ff29ad222dc6d231594b5c8c91500323d9ce851b0d6da42194b82

    Download Submit

  • memory/3936-17-0x00000000005C0000-0x00000000005C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3936-18-0x00000000005A0000-0x00000000005A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4480-0-0x00000000007B0000-0x00000000007B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4480-1-0x00000000007B0000-0x00000000007B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4480-2-0x00000000007D0000-0x00000000007D6000-memory.dmp

    Filesize

    24KB

    Download