Overview

overview

10

Static

static

10

2024-02-28...er.exe

windows7-x64

9

2024-02-28...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    91s
  • max time network
    114s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-02-2024 16:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-28_4ce89af943bca64fbc04f7ab88a86b2a_cryptolocker.exe

  • Size

    52KB

  • MD5

    4ce89af943bca64fbc04f7ab88a86b2a

  • SHA1

    d208895b49fdc264034ad413f9662ec8d0714e9f

  • SHA256

    babd15732989d0f5a9aef703f6ea45837668efe10cf61714e67d951f92c6341d

  • SHA512

    99dcec95a2c7dec5db3057a7d148c8ff6bd2f334e848f2d402a3d333ced4949c2e7259513c43d415340077e85f11dfba6dbf42e06ce370cfde801c2b238d29cd

  • SSDEEP

    768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4hdCW1nw71TkhsiPn1YFvPw:vj+jsMQMOtEvwDpj5HH1nw73KOFw

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-28_4ce89af943bca64fbc04f7ab88a86b2a_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-28_4ce89af943bca64fbc04f7ab88a86b2a_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4716
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:1548

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    53KB

    MD5

    58fa4db54dca9cd990561137837a098a

    SHA1

    5dc9600fa5169bea81a64335ca9ca685119c45a6

    SHA256

    3a237c5cf2c3a514467a842e7ee1d5c4c57418c867241465ad4a3a7f21ab04a1

    SHA512

    672c18735b2002e8bcd7a4c7d56769c4a3923be038e1164f7f13961cdd6e2ad41add82c7bfbf2e634fe90a9bd517ff89e62fd8d3f88204ede8a1754ddca67703

    Download Submit

  • memory/1548-19-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1548-17-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4716-0-0x0000000000660000-0x0000000000666000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4716-1-0x0000000000660000-0x0000000000666000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4716-2-0x00000000021B0000-0x00000000021B6000-memory.dmp

    Filesize

    24KB

    Download