Overview

overview

10

Static

static

10

2024-02-19...er.exe

windows7-x64

9

2024-02-19...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/02/2024, 16:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-19_882381d2ce2599842c0a8f0ee84be0bb_cryptolocker.exe

  • Size

    27KB

  • MD5

    882381d2ce2599842c0a8f0ee84be0bb

  • SHA1

    b0efdbb6f3c747a5cf0e53938905172a1e47032e

  • SHA256

    7895b929b57ffebd84cea947eccf852fd71488898328f93aa053a66ca3e57570

  • SHA512

    29997173cb419c2f601d6a9760c6edc0b0af1f5f871f7782b9023e23feac6715f355e023326b9ccee770a2f8618e46078c3d42ec3fd4369b43b3a974d46c1001

  • SSDEEP

    384:bAvMaNGh4z7CG3POOvbRSLoF/F0QU5XYFnufc/zzo+m:bAvJCYOOvbRPDEgX1m

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-19_882381d2ce2599842c0a8f0ee84be0bb_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-19_882381d2ce2599842c0a8f0ee84be0bb_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4644
    • C:\Users\Admin\AppData\Local\Temp\demka.exe
      "C:\Users\Admin\AppData\Local\Temp\demka.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:2920

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\demka.exe
    Filesize

    27KB

    MD5

    0a7603a0c6c54dcc95e7ede422e2233e

    SHA1

    5e65c17ccf2f2fecf3a1373a7eed5e2741a7b0e9

    SHA256

    d68f25faf9c30308095e016b22981491323927dae360935741bab17f010a6977

    SHA512

    1880b7d557d4d731aa416c2fd17514c4caa5a8017b053a1cf1bd7cb99844a8edbc6c60f31e13ac4a143ecad00d2acca9ff009c50ee5b54fb10e34d4b54cfc6e9

    Download Submit

  • memory/2920-22-0x0000000002D60000-0x0000000002D66000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4644-0-0x0000000000630000-0x0000000000636000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4644-1-0x0000000000630000-0x0000000000636000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4644-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download