Overview

overview

10

Static

static

10

2024-02-12...er.exe

windows7-x64

9

2024-02-12...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    15s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12-02-2024 17:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-12_ce5b42eca3a51b7e490b1e8e0621974a_cryptolocker.exe

  • Size

    40KB

  • MD5

    ce5b42eca3a51b7e490b1e8e0621974a

  • SHA1

    8b248c99c68619fecd4693a24886f30a38187c99

  • SHA256

    dc84f008b21ae702b988ac233f96892264bf7845fdf3fc5c2fd9dc117d4903a4

  • SHA512

    e1c3f8bc7b9d6d2321c5dc243948cdb1776cb3e1bb66a9f3d1d981cc7bded87d37697f0ced48662f8d0e3a4a4944db693f5c831ccb9c788809b093ee8c1b53fa

  • SSDEEP

    768:b/yC4GyNM01GuQMNXw2PSjHPbSuYlW8PAO:b/pYayGig5HjS3NPAO

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-12_ce5b42eca3a51b7e490b1e8e0621974a_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-12_ce5b42eca3a51b7e490b1e8e0621974a_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2200
    • C:\Users\Admin\AppData\Local\Temp\retln.exe
      "C:\Users\Admin\AppData\Local\Temp\retln.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1944

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\retln.exe
    Filesize

    40KB

    MD5

    c1500c1a01e8f0566bc372ffd509b9e3

    SHA1

    0827468dfa4e7b7330680af33494440d9f2ea027

    SHA256

    2e5bf3625fa9ab0f56e807c269a2b077688fca3ce8d1a69c4ac84e2001ac2d32

    SHA512

    bf48da3f9a93d003c7d5b1300de953cc903486d235c2759419beba91ec579f564ba43c844265cbe653444ed9d3f431c4793588d3e8a92120a4448a657e213df7

    Download Submit

  • memory/1944-17-0x0000000000350000-0x0000000000356000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2200-0-0x00000000002A0000-0x00000000002A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2200-2-0x00000000002A0000-0x00000000002A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2200-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download