Overview

overview

10

Static

static

10

2024-03-15...er.exe

windows7-x64

9

2024-03-15...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    165s
  • max time network
    175s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15-03-2024 04:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-15_450d232d0ac49f317e8a436cd2865999_cryptolocker.exe

  • Size

    41KB

  • MD5

    450d232d0ac49f317e8a436cd2865999

  • SHA1

    cd37ba219f7c6bbc9d65f954ac26441f63fe82bc

  • SHA256

    da4d4bfdfa53d7e21aa78f9ad7c689f8dbae041734534837b382b44fec3fdaa5

  • SHA512

    f18a6ada928782bdb09ee473215f2988f6febb7a21d4bc664c43f63f5cab139f2e9306a9449c8dd22afb03f12dcb29ebbd9f2b1700af68a02dcc48323e5d980c

  • SSDEEP

    768:TS5nQJ24LR7tOOtEvwDpjGqPhqlcnvhx5/xFRQC:m5nkFNMOtEvwDpjG8hhX6C

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 3 IoCs
  • Detects executables built or packed with MPress PE compressor 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-15_450d232d0ac49f317e8a436cd2865999_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-15_450d232d0ac49f317e8a436cd2865999_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:3028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    41KB

    MD5

    5b869202bf0391597fd0faa0e5d0ee25

    SHA1

    b217a3526c6894161070294abd35222a099c73b5

    SHA256

    bff899ed1adc0aa9535353669331dd2d3c06857eabf9e088116836e06fc06c22

    SHA512

    d1731a67b054d110cc22c2066d35ff4254bf2b0e3e063d11068f93445e67217687481f246c1b5ec471e36759c0b9ddf68dd20208ade13544da29c06aaabee6a1

    Download Submit

  • memory/2352-0-0x0000000000500000-0x000000000050E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2352-1-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2352-2-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2352-8-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2352-15-0x0000000000500000-0x000000000050E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2352-16-0x0000000002020000-0x000000000202E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3028-17-0x0000000000500000-0x000000000050E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3028-20-0x00000000001D0000-0x00000000001D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3028-19-0x0000000000200000-0x0000000000206000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3028-27-0x0000000000500000-0x000000000050E000-memory.dmp

    Filesize

    56KB

    Download