Overview

overview

10

Static

static

10

2024-02-14...er.exe

windows7-x64

9

2024-02-14...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    89s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/02/2024, 06:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-14_539fbedd5e8f054aa08074f89997c4ed_cryptolocker.exe

  • Size

    38KB

  • MD5

    539fbedd5e8f054aa08074f89997c4ed

  • SHA1

    2c2df917f132881ae053231990182b5b01497f65

  • SHA256

    798a421cb3fb9432d3b41a75e534c0294810c4ffebe8c5dae1d30e41284b3ae2

  • SHA512

    d3d96eb3c8c739f25e3e597cf05ae6a071b694997cb586d7aa8c326d8e2d23dd4059bc7b3f978432ee26d95d3f92b9b67ff0fa4aa0440bb224fa8ecb479abf4f

  • SSDEEP

    768:TS5nQJ24LR7tOOtEvwDpjGqPhqlcnvhx5/xFRy:m5nkFNMOtEvwDpjG8hhXk

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 2 IoCs
  • Detects executables built or packed with MPress PE compressor 5 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-14_539fbedd5e8f054aa08074f89997c4ed_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-14_539fbedd5e8f054aa08074f89997c4ed_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4000
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:2004

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\misid.exe
          Filesize

          38KB

          MD5

          3a798d16ae26980da5e31c56a5c2b196

          SHA1

          e4c3bc3d426992869d97b29865f2cc62479740cc

          SHA256

          5b357737f7b639b82ecf93ec5a489b54ba2ad503597e788c7fd2a28d4d02ba86

          SHA512

          c2320f4af22376febcf324479039d112284aab811f2738d63e656f5f4104868aada38eb60e81b856b0918f35c957ca4b827f7c0ac452e1b8dbced38b9540c1e7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\misids.exe
          Filesize

          315B

          MD5

          a34ac19f4afae63adc5d2f7bc970c07f

          SHA1

          a82190fc530c265aa40a045c21770d967f4767b8

          SHA256

          d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

          SHA512

          42e53d96e5961e95b7a984d9c9778a1d3bd8ee0c87b8b3b515fa31f67c2d073c8565afc2f4b962c43668c4efa1e478da9bb0ecffa79479c7e880731bc4c55765

          Download Submit

        • memory/2004-17-0x0000000000500000-0x000000000050E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2004-20-0x00000000006F0000-0x00000000006F6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2004-26-0x0000000000660000-0x0000000000666000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2004-49-0x0000000000500000-0x000000000050E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4000-0-0x0000000000500000-0x000000000050E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4000-1-0x0000000002210000-0x0000000002216000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4000-2-0x0000000002210000-0x0000000002216000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4000-3-0x0000000002230000-0x0000000002236000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4000-18-0x0000000000500000-0x000000000050E000-memory.dmp

          Filesize

          56KB

          Download