Overview

overview

10

Static

static

10

2024-03-10...er.exe

windows7-x64

9

2024-03-10...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    145s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/03/2024, 09:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-10_b137e73f1a9cf2b5f77de7536e229af7_cryptolocker.exe

  • Size

    34KB

  • MD5

    b137e73f1a9cf2b5f77de7536e229af7

  • SHA1

    71ec7fa015d7271e8090f4094f89839d5bf50b3e

  • SHA256

    fc35a60da5d9eb7652550abb8092b5840464cc460830091f488eb263574d0d63

  • SHA512

    27a80b1e2e68f79471e6a559cc9883e2d94e7e9bc3aac7d1c22b3d8edcd24a0c77ee5aa04ff7eb8bee73691b8fbb2b443a503bc4736290540748fcf3bf03021e

  • SSDEEP

    768:fTz7y3lhsT+hs1SQtOOtEvwDpjfAu9+45Uv:fT+hsMQMOtEvwDpjoIH56

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-10_b137e73f1a9cf2b5f77de7536e229af7_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-10_b137e73f1a9cf2b5f77de7536e229af7_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2620
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:3516

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\misid.exe
          Filesize

          34KB

          MD5

          f288362a3d4d42417e3f581b12445ae0

          SHA1

          28caf7933abf4da2e1cbfb521ea9b5b32fa23774

          SHA256

          b506e79f2a4b271cfd7ba49be7ce9e19bc522c67ca706cd2c8e7cdc791197f49

          SHA512

          cb352bcb88c60b79ab22d6951dc3adc21326abe1b646d06e8def1d3ae4db5433af83a3eb7c112bff662ef9f73c845105bb809de7e355c71a60beab19228bd8cd

          Download Submit

        • memory/2620-0-0x0000000000520000-0x0000000000526000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2620-1-0x0000000000520000-0x0000000000526000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2620-2-0x0000000000540000-0x0000000000546000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3516-17-0x00000000004F0000-0x00000000004F6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3516-19-0x00000000004D0000-0x00000000004D6000-memory.dmp

          Filesize

          24KB

          Download