Overview

overview

10

Static

static

10

2024-02-27...er.exe

windows7-x64

9

2024-02-27...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    27/02/2024, 15:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-27_6029c9e4c9b6a503dc029c227a5d89d6_cryptolocker.exe

  • Size

    94KB

  • MD5

    6029c9e4c9b6a503dc029c227a5d89d6

  • SHA1

    d58f18249f6f4e97a0c4d977aa18981477c2593e

  • SHA256

    b271cb05de91a88c57e3f47f8edcb99ca79025cff61813ea08d7a34a91ceeff4

  • SHA512

    3ed45e7eb785c02a2973f29640869d534092cd66f9f65a8728550b5e5252bb6a6bde5c8fac1f66e5b26326d0536b6aa2968e4c0e180403ba6b66a40c62016183

  • SSDEEP

    768:xQz7yVEhs9+4uR1bytOOtEvwDpjWfbZ7uyA36S7MpxRiWNa9mktJ3d:xj+VGMOtEvwDpjubwQEIiVmk5

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 5 IoCs
  • Detects executables built or packed with MPress PE compressor 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-27_6029c9e4c9b6a503dc029c227a5d89d6_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-27_6029c9e4c9b6a503dc029c227a5d89d6_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:2500

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\misid.exe
          Filesize

          94KB

          MD5

          7d56287e1ad89b83ba4a0546a7ecb94a

          SHA1

          4afec32a77c38fc39f98511be36aa7c75c06ee13

          SHA256

          e3a5efa81a135644345af3dbc8242d7f4e45c164d67c3c2a9183a52a2e6cb658

          SHA512

          aa7c1f1bc8623afc51eef0e04c4628d13474dd9bf5f28430d4f4c2bd9124d5e2dcbf0844250cb5846d365c5daf1cf65b79ecfafd83a58aba0618692a4e900034

          Download Submit

        • memory/2500-16-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2500-19-0x0000000000610000-0x0000000000616000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2500-18-0x0000000000240000-0x0000000000246000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2500-26-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2904-0-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2904-1-0x00000000002C0000-0x00000000002C6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2904-3-0x0000000000300000-0x0000000000306000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2904-2-0x00000000002C0000-0x00000000002C6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2904-15-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download