Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
24-02-2024 22:28
General
-
Target
2024-02-24_6fd2726dbfd69a039eed86773e8fe465_cryptolocker.exe
-
Size
62KB
-
MD5
6fd2726dbfd69a039eed86773e8fe465
-
SHA1
3e0a0d3c887e103de92dc6a2b0afe2db96403b74
-
SHA256
7c183f5f2428acc53a0cc5a404fcb1e6f235a4a43d18d3d657d65871f511ba0a
-
SHA512
2aa492e38c2bac464221ac67243bc3adf849826e48c7d5a6f9caa8acd412b1d101b5c3f3b11b8496628ded2f422fdb688b0a59cdfa72caeb98c4d2c87bf13260
-
SSDEEP
768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4hdCY8EQMjpi/Wpi3B3URiLnuoUwUsfqB1A:vj+jsMQMOtEvwDpj5Hy7B3gG8xzUm0
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
-
Detection of Cryptolocker Samples 1 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-24_6fd2726dbfd69a039eed86773e8fe465_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-24_6fd2726dbfd69a039eed86773e8fe465_cryptolocker.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\misid.exe"C:\Users\Admin\AppData\Local\Temp\misid.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
62KB
MD5703f7cb96739280a5d32a5380f524fd0
SHA19e8766cd36a614273b58b24463ffbb9df3870bff
SHA25641d26f75b158402d6a770feadd8588a82397a357f179f484ff4471e111c150d8
SHA512c85b63942a7ad1a42f03335fbc300ec17377cc3778e739e351e1523bd48ce8ca687e471dae7315eba96ec5842b475af6ee0840550e1be5d4136c5ce96c422eca
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB