Overview

overview

10

Static

static

10

2024-03-12...er.exe

windows7-x64

9

2024-03-12...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-03-2024 21:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-12_bcd23056cfb05a49a6390ce9dd3346af_cryptolocker.exe

  • Size

    33KB

  • MD5

    bcd23056cfb05a49a6390ce9dd3346af

  • SHA1

    c485e38dab61272e9fbcb3589098e0fd78a39905

  • SHA256

    46739d37cd98d229b15e7c0b947c4d2e055e61ab0524e3c1057c58c68a1ac6bc

  • SHA512

    9c87d4465257bfdb685ba3d35ccba342c04c3862ad529870636bd82f61396b9a5a3513b904cc90c3c6a88690cdcb5eaf1281b316990960af7a68798cd1264e5b

  • SSDEEP

    384:bmM0V/YPvnr801TRoUGPh4TKt6ATt1DqgPa3s/zzoCt9/B+OOxq+:b7o/2n1TCraU6GD1a4Xt9hOV

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-12_bcd23056cfb05a49a6390ce9dd3346af_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-12_bcd23056cfb05a49a6390ce9dd3346af_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4892
    • C:\Users\Admin\AppData\Local\Temp\rewok.exe
      "C:\Users\Admin\AppData\Local\Temp\rewok.exe"
      2⤵
      • Executes dropped EXE
      PID:2136

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rewok.exe
    Filesize

    33KB

    MD5

    572a87a62e0ca7d52f4ad7c53b3428b8

    SHA1

    056c7bd6e8c4bacd14ce4ecb25fcc7ef35ea682f

    SHA256

    2139258f37ac4e4e76b4ad8617b7bffd6fd1ca3bbd3029ab5a638eca3d990683

    SHA512

    0316691af0ea6b5b15f07a088b2d098f4626573d650deb6474e820a983ad62718bd96a831513623ca717d1632e1495ce13ce940fb98fadf72b0234bd01a3c8c4

    Download Submit

  • memory/2136-20-0x0000000000680000-0x0000000000686000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4892-0-0x00000000007C0000-0x00000000007C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4892-1-0x00000000007C0000-0x00000000007C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4892-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download