Overview

overview

10

Static

static

10

2024-02-12...er.exe

windows7-x64

9

2024-02-12...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    89s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-02-2024 20:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-12_892fdb6b0dc45821790637e49ea314d9_cryptolocker.exe

  • Size

    60KB

  • MD5

    892fdb6b0dc45821790637e49ea314d9

  • SHA1

    3648c1f8a36245145a22061d2bdf9ed9affb3ed4

  • SHA256

    514618f298a8d6dd40d54a2a4d3d498f1e369738b53bde424ca5948f07b36c76

  • SHA512

    04cbf26893ec78da023b935b82c94da19ef720ad137929fe2e0507d1e5a6fffabd671efe61e78b32678e6f962b88f9cdfe502b367a922d10a74ffd1fd1a42a74

  • SSDEEP

    1536:ZzFbxmLPWQMOtEvwDpj38lD/cMAT+lBO+:ZVxkGOtEvwDpjS

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-12_892fdb6b0dc45821790637e49ea314d9_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-12_892fdb6b0dc45821790637e49ea314d9_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3696
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:3936

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    60KB

    MD5

    45ceb3735200253c7b234d54858a1d1c

    SHA1

    8438254149ccd63ac7ba974ca24290659eba24e0

    SHA256

    9725415072ef65116608e1e180acfa330127c3d8036d2c8b71b31cd8ed4ac8fa

    SHA512

    fa957f130dc7ed7b52ec44cd1c7bd2ed7692ef74cdf6429ed0860872aa72cbd589dd68c3ccb53b96943be8e19696d785ea31b9d9b3a6ccddf4a8fab02e4e10fa

    Download Submit

  • memory/3696-0-0x00000000004E0000-0x00000000004E3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3696-1-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3696-2-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3696-3-0x00000000007D0000-0x00000000007D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3696-17-0x00000000004E0000-0x00000000004E3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3936-18-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3936-20-0x0000000002000000-0x0000000002006000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3936-25-0x0000000001FD0000-0x0000000001FD6000-memory.dmp

    Filesize

    24KB

    Download