Overview

overview

10

Static

static

10

2024-03-16...er.exe

windows7-x64

9

2024-03-16...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    16-03-2024 10:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-16_55425bd23016ed056762c57b53b31f97_cryptolocker.exe

  • Size

    44KB

  • MD5

    55425bd23016ed056762c57b53b31f97

  • SHA1

    ca3ca33333c20dde05a1c3995838ffbf3abbed05

  • SHA256

    87ef48f1c7428e52149787a99444bef27b593ff5c35cb23297167eb0e529178c

  • SHA512

    8b99a0b755805f4b9ec5ddc7e9ab27102f4982e01b41689647a11fc2fac2714fdb6f0a223bb831b63cd422284f4a9cbf8877e8dc7791d7579bce239999e61302

  • SSDEEP

    768:bxNQIE0eBhkL2Fo1CCwgfjOg1tsJ6zeen754XcwxbFqRoN63:bxNrC7kYo1Fxf3s05rwxbFvN63

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-16_55425bd23016ed056762c57b53b31f97_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-16_55425bd23016ed056762c57b53b31f97_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2956
    • C:\Users\Admin\AppData\Local\Temp\pissa.exe
      "C:\Users\Admin\AppData\Local\Temp\pissa.exe"
      2⤵
      • Executes dropped EXE
      PID:2760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\pissa.exe
    Filesize

    45KB

    MD5

    5f1ca2b325d9a287f18af6b1e15e1490

    SHA1

    bde39bf3e73a2c035132162a31d784ac5d91ac3c

    SHA256

    dbc6d5432b32585fdb7b012b3fde82f6286511eb251d9001d0371f37eaf278f0

    SHA512

    a72b03fa258604820483dd81d66962447c79418f5eb2b8d1965fd714d8a27456b48ff59b0ade6e0feab1029e0921c4a85a341e16aa000d972c0492047795e88a

    Download Submit

  • memory/2760-16-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2760-15-0x0000000000310000-0x0000000000316000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2956-0-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2956-1-0x0000000000330000-0x0000000000336000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2956-5-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB

    Download