Overview

overview

10

Static

static

10

2024-03-15...er.exe

windows7-x64

9

2024-03-15...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-03-2024 17:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-15_a053a5e46927a2047a9fb4c18d6cb97d_cryptolocker.exe

  • Size

    29KB

  • MD5

    a053a5e46927a2047a9fb4c18d6cb97d

  • SHA1

    e8d1481f8cc64bdb85a3ab65c2ab543b67a97e6d

  • SHA256

    8f97f2577a154925df8ea97ec44e35d8bbd6de3bdeabc4bd5aa93b2f26a87618

  • SHA512

    1397a2f14618f5d541e7f075ecbd3e8134b0ef01d2d86305e34d1cedd8a8511a4dc98e0bc09c1f495883c1cc61a15fe5b0211433ed939aa50edc8647e68387e2

  • SSDEEP

    384:bA74uGLLQRcsdeQ72ngEr4K7YmE8j60nrlwfjDUr766SJlkUA0:bA74zYcgT/Ekd0ryfjQRS4Ub

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-15_a053a5e46927a2047a9fb4c18d6cb97d_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-15_a053a5e46927a2047a9fb4c18d6cb97d_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4568
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:5036

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    29KB

    MD5

    060256efa80ea279156b4e34c25db4d5

    SHA1

    69c67b93dc47471e36d9d9de090f8ba13ce3df28

    SHA256

    f9dd6f2f19a203d658988b48557799b4e8f2f98f8f254ac73a1438729b6e073d

    SHA512

    eb82d343847997559f6df272ad82a45658dc5adea905873952467b2c9cdeae1e182088b0d541d5a842d67875a60791707cc0e1f5706ddd209e3e919d29511947

    Download Submit

  • memory/4568-0-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4568-1-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4568-2-0x0000000003150000-0x0000000003156000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5036-17-0x0000000002ED0000-0x0000000002ED6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5036-19-0x00000000020A0000-0x00000000020A6000-memory.dmp

    Filesize

    24KB

    Download