Overview

overview

10

Static

static

10

2024-03-13...er.exe

windows7-x64

9

2024-03-13...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    151s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13-03-2024 05:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-13_229d8cc8a214be9d579609ab90b06e6d_cryptolocker.exe

  • Size

    127KB

  • MD5

    229d8cc8a214be9d579609ab90b06e6d

  • SHA1

    8f5b839b8909f8ebe344e44cef3eda0854c49829

  • SHA256

    387ffb3545f2ae7e13149bb50177bf1b688b7ded245b595a4e62bb45b8913ef2

  • SHA512

    a248c461ff41ee03dae31710c7759a207f1a39339e0abbabd360460fa61210f8921a9e9b5c59a7854bfc10967467eed8e1a496dd87ee8ef648d9cfd53e7c9811

  • SSDEEP

    1536:gUj+AIMOtEvwDpjNbwQEIPlemUhYwkkxGBp3U:vCA9OtEvwDpjo

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-13_229d8cc8a214be9d579609ab90b06e6d_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-13_229d8cc8a214be9d579609ab90b06e6d_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:364
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:2696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    127KB

    MD5

    127eae4432206bcc6ce0f91ed6420017

    SHA1

    789ad182626570979065b2fc29766e0e24140315

    SHA256

    aa99d95bd70853ffe05b8eeff281d00ec6a4f766eabfdd4de641eae6f9cba212

    SHA512

    323f66a149e1378767bd376f95d528a82cfe34b9cca1d421d9651d25e60e1e231455254df9df7f81287c2af7bac1e8a0b3dd4936fac4c517351a4c1a57efbd64

    Download Submit

  • memory/364-0-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/364-2-0x00000000002F0000-0x00000000002F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/364-1-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2696-15-0x0000000000470000-0x0000000000476000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2696-17-0x0000000000440000-0x0000000000446000-memory.dmp

    Filesize

    24KB

    Download