Overview

overview

10

Static

static

10

2024-02-25...er.exe

windows7-x64

9

2024-02-25...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-02-2024 08:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-25_f354b41624c1a2b13ae674d70239f59c_cryptolocker.exe

  • Size

    46KB

  • MD5

    f354b41624c1a2b13ae674d70239f59c

  • SHA1

    8a29612123250757ea1101c6957b98744baf1083

  • SHA256

    2320661f2077752acc080deb546d489621e45b5602ba33b32c94d0628ce48d92

  • SHA512

    2d4943fe4afbfba1f146c38e29b56a55678ed2c2878ce2135c81ba4f9dfdc42f6c15e47c232a5e477c64723ad31a2d7656abf0f52e8c547176394e0efa85ec74

  • SSDEEP

    768:6Qz7yVEhs9+4OR7tOOtEvwDpjLHqPhqlcnvgpnq:6j+1NMOtEvwDpjr8hgpq

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 5 IoCs
  • Detects executables built or packed with MPress PE compressor 5 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-25_f354b41624c1a2b13ae674d70239f59c_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-25_f354b41624c1a2b13ae674d70239f59c_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:4744

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    46KB

    MD5

    8eb3078d43e862d13b2516c7be0fdb3c

    SHA1

    8816b2ac8a714a8d8605d3bb015d8068bbba4e65

    SHA256

    f8ed0749773689f97e9ba55a0b58313e87b8b15107bed5ee0e4c5be5eff8b729

    SHA512

    be85ddf6f940aeace576029ef47fa212883f3054f55b84f434b5a8c3b8f996fc8faa3e2b5765a242fb86789f9b6721a087af9ad7394e4f7844bd6cbbccc62bfb

    Download Submit

  • memory/1612-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1612-1-0x0000000000590000-0x0000000000596000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1612-2-0x0000000000590000-0x0000000000596000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1612-3-0x00000000005B0000-0x00000000005B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1612-18-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4744-17-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4744-20-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4744-21-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4744-27-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download