Overview

overview

10

Static

static

10

2024-02-24...er.exe

windows7-x64

9

2024-02-24...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    5s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24-02-2024 01:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-24_4b1301486cb8657dad2401864c183e62_cryptolocker.exe

  • Size

    34KB

  • MD5

    4b1301486cb8657dad2401864c183e62

  • SHA1

    6abfed205222cc2215ed822d400dcd15e2ebce11

  • SHA256

    5ab3680bbf2b723a8f7177ee56c70c58bff76ec71fded77d877b0525fe0b1d76

  • SHA512

    0424f00eca7058ad887e63f04df7c2caa154210b749792b2a54c076bf7c36955e6c8f677af02647a8e9d928b1776524df2fc0a2026b9c6ebaa14193faa248875

  • SSDEEP

    384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznHzu02lOQA15O:b/yC4GyNM01GuQMNXw2PSjHC02ltA7O

Score
9/10
discovery

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-24_4b1301486cb8657dad2401864c183e62_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-24_4b1301486cb8657dad2401864c183e62_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\Users\Admin\AppData\Local\Temp\retln.exe
      "C:\Users\Admin\AppData\Local\Temp\retln.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1640

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\retln.exe
    Filesize

    34KB

    MD5

    2503cc02b7297c789d5594e2552ab663

    SHA1

    6d9018d055dcb22f54d7a4210c95afc44c8ebe8c

    SHA256

    f5a424732988998797e393a784bdeb6b4374116bcba1774d6627981cfd3f52ba

    SHA512

    e16a0dedf3f49af6870bae9c4b13251f6011a2cf7f2f579e3838680061b71df16bf2e85392f1520dad12e0ebe96a70cf1a7013552f1d22c097942c87e17fdab6

    Download Submit

  • memory/1640-16-0x0000000000260000-0x0000000000266000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2328-0-0x0000000000360000-0x0000000000366000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2328-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2328-6-0x0000000000360000-0x0000000000366000-memory.dmp

    Filesize

    24KB

    Download