Overview

overview

10

Static

static

10

2024-02-22...er.exe

windows7-x64

9

2024-02-22...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/02/2024, 19:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-22_4bcb5bb6cb4b42c4c4c68d98c43ade88_cryptolocker.exe

  • Size

    73KB

  • MD5

    4bcb5bb6cb4b42c4c4c68d98c43ade88

  • SHA1

    db6680ccc80790d36dda9b47114438276f5d0ffb

  • SHA256

    78c4ce8f18dd4c299eaf043008a76c8f34e6eaf994d4e6ea0f1784e94cbf59f1

  • SHA512

    1f7102ac5748e7fffc5f0e9589d0d3b6cfcd9cd6da49e24e75f5626aae1a38c01e170ca565619cc6abd485382603fe1e1cc9c5ad58b9de8cbcbb0652b1503273

  • SSDEEP

    768:xQz7yVEhs9+4uR1bytOOtEvwDpjWfbZ7uyA36S7MpxRXrZSUD:xj+VGMOtEvwDpjubwQEI8UD

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 5 IoCs
  • Detects executables built or packed with MPress PE compressor 5 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-22_4bcb5bb6cb4b42c4c4c68d98c43ade88_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-22_4bcb5bb6cb4b42c4c4c68d98c43ade88_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:4472

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\misid.exe
          Filesize

          73KB

          MD5

          48e7cb6a5142367bc1a130e70040057e

          SHA1

          aec77e36a4f916485293f1b93c4faeb2e20a29f0

          SHA256

          9d5235e3558c93f7ab2d82fddae963fc5569125d4dbbba336462540cd0fcfd8f

          SHA512

          d6be14505c9ab880a2b642c350cf138e4bc51140cad20796c2e274920813ad034130caab091d9a32dc34a205d15970a4b47befc309a3261551b6d571d01b708e

          Download Submit

        • memory/2112-0-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2112-1-0x00000000005F0000-0x00000000005F6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2112-2-0x00000000005F0000-0x00000000005F6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2112-3-0x0000000000610000-0x0000000000616000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2112-19-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4472-17-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4472-20-0x0000000000750000-0x0000000000756000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4472-24-0x0000000000730000-0x0000000000736000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4472-27-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download