Overview

overview

10

Static

static

10

2024-02-12...er.exe

windows7-x64

9

2024-02-12...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/02/2024, 20:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-12_d47598ee9abcd9729faf857677773caf_cryptolocker.exe

  • Size

    123KB

  • MD5

    d47598ee9abcd9729faf857677773caf

  • SHA1

    99951d8df0aebeb017651df3271b2b193193fc1c

  • SHA256

    7a5152e2716baff3bea5b116fc334c554e4fff13a2b038dba6d89dc73d8f68fa

  • SHA512

    91323a4a30bc5418168cb4700dc256cf5e091e87df424e8f1b12fb5b326060a14068e73a1616d70c63e3f7506778b8e47b3b56e9d0c1ed2ed61d669c8df217e9

  • SSDEEP

    1536:gUj+AIMOtEvwDpjNbwQEIPlemUhYwkkxE4q+:vCA9OtEvwDpjA

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-12_d47598ee9abcd9729faf857677773caf_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-12_d47598ee9abcd9729faf857677773caf_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:940
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:3088

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    123KB

    MD5

    2c21bef8218d8c3bce4136a5314c259d

    SHA1

    a00120b398a722f47255f33a3e4494fbb28c9d0d

    SHA256

    de286e88cd96b4cce663a739a4d9f4f3ac2869d9c0ac18aa8e40aee733f653c9

    SHA512

    b1d204ca1fb95b11e0f72b9c258c4b2244d4998cf7d91913289a6d61f82942730c31c045349a7c3da64752d75d8ffded28dc674d601bcf2aa632046311e1a6eb

    Download Submit

  • memory/940-0-0x00000000005E0000-0x00000000005E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/940-1-0x00000000005E0000-0x00000000005E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/940-2-0x0000000000600000-0x0000000000606000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3088-17-0x00000000006C0000-0x00000000006C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3088-18-0x00000000006E0000-0x00000000006E6000-memory.dmp

    Filesize

    24KB

    Download