Overview

overview

10

Static

static

10

2024-02-23...er.exe

windows7-x64

9

2024-02-23...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/02/2024, 21:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-23_30cf43d48152528cda31a5babd051e96_cryptolocker.exe

  • Size

    77KB

  • MD5

    30cf43d48152528cda31a5babd051e96

  • SHA1

    a6ee2934fba96128c394e0e9e71c85c149c365f8

  • SHA256

    722473928e92a8c3a784683b79758f50bd37fd34fb4a17ef76b53aa2db587a7a

  • SHA512

    683615e7b6a6e8d2d8799da3cecdbf3c67e45bac404cba88edc19dd605cb98dc561ddf38a07326ad4c79e17d8a21acd854575005af8ebc0ba978c01979e80f4d

  • SSDEEP

    1536:vj+jsMQMOtEvwDpj5HwYYTjipvF2hBfIufjqvZ:vCjsIOtEvwDpj5H9YvQd2Pg

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-23_30cf43d48152528cda31a5babd051e96_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-23_30cf43d48152528cda31a5babd051e96_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3292
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:2996

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    78KB

    MD5

    81feccfd9214b3dd60217b8544e4cba1

    SHA1

    d14283f5ef4f7121fdd6aa29b9a87c7a9d7588a7

    SHA256

    9c98dd90cfd0396fcb0d06d28a8f78c44b3b225bd68756f8206c9f20375384b5

    SHA512

    93805e4e48f43d78f6bea9f2eef430d8d009a9355d4ee84a3933bd35bcb5610baf79ecad613862017c3633ae704d62d48723bac74acb039479b3f0460aeb0780

    Download Submit

  • memory/2996-17-0x0000000002080000-0x0000000002086000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2996-19-0x0000000002050000-0x0000000002056000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3292-0-0x00000000007F0000-0x00000000007F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3292-1-0x00000000007F0000-0x00000000007F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3292-2-0x0000000002240000-0x0000000002246000-memory.dmp

    Filesize

    24KB

    Download