Overview

overview

10

Static

static

10

2024-02-23...er.exe

windows7-x64

9

2024-02-23...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-02-2024 05:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-23_540dd32e364e7a5b56564d4274b4074e_cryptolocker.exe

  • Size

    63KB

  • MD5

    540dd32e364e7a5b56564d4274b4074e

  • SHA1

    b2dbe0ee9cb885fe381071d7b6b8b1c4f903e6d3

  • SHA256

    6f2cc9ca4294952ee5e520bb4744cc9973d7345f71b17b71a5459ae2cfb1add5

  • SHA512

    545ec953f7e281c2ec9507e46024c679c367499d07f7fc0a88a90d7cbeda94c97c67804464c7288d533234d3fcfc30f0517e93079b89cfd288dda9c91c989531

  • SSDEEP

    1536:Tj+jsMQMOtEvwDpj5HmpJpOUHECgNMo0vp2EMHpaIq:TCjsIOtEvwDpj5HE/OUHnSMt

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 5 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-23_540dd32e364e7a5b56564d4274b4074e_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-23_540dd32e364e7a5b56564d4274b4074e_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3576
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:2744

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    63KB

    MD5

    de59b17d9ae4f748bc4250c8895b7da5

    SHA1

    d8bf8e137b315f62488e3e355e3223aa5eb13ba9

    SHA256

    af0f3c4e159d5124eb188b70ba8781d117f61afe8bff5fedb65ff49549dc3d5b

    SHA512

    9d731ef846cd87aba7bd0ebaee16027a4175d1faf3864b21077234a93be171ad3ba166e4dbf03b20134ebe9b7b89ab03d08f71fba61c68bba4b5b53d0443ddd9

    Download Submit

  • memory/2744-18-0x0000000000500000-0x000000000050E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2744-20-0x00000000004E0000-0x00000000004E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2744-23-0x00000000004C0000-0x00000000004C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2744-27-0x0000000000500000-0x000000000050E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3576-0-0x0000000000500000-0x000000000050E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3576-1-0x0000000000660000-0x0000000000666000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3576-2-0x0000000000660000-0x0000000000666000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3576-3-0x0000000000680000-0x0000000000686000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3576-17-0x0000000000500000-0x000000000050E000-memory.dmp

    Filesize

    56KB

    Download