Overview

overview

10

Static

static

10

2024-03-18...er.exe

windows7-x64

9

2024-03-18...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    153s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/03/2024, 13:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-18_7e3c82aecba450c284e6a740b29fd71d_cryptolocker.exe

  • Size

    26KB

  • MD5

    7e3c82aecba450c284e6a740b29fd71d

  • SHA1

    e312b0fcedb12d141542d55724671a99286fce4c

  • SHA256

    4f6e2ff773ce76101057942b3fbf28f17fad4e99432c758038187ee79a801649

  • SHA512

    7f57f600eceb16cb7e8b286911a9f94e786e8983e9246d4a5ff0e0d1bb7b3b96478225b67a4af9822a6f9eee70ecc23ee861b3aa8f54d4fe8a643f757d1c948d

  • SSDEEP

    384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zznuHH:b/yC4GyNM01GuQMNXuHH

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-18_7e3c82aecba450c284e6a740b29fd71d_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-18_7e3c82aecba450c284e6a740b29fd71d_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:948
    • C:\Users\Admin\AppData\Local\Temp\retln.exe
      "C:\Users\Admin\AppData\Local\Temp\retln.exe"
      2⤵
      • Executes dropped EXE
      PID:4140
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3308

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\retln.exe
            Filesize

            26KB

            MD5

            8f2afaaa989ec23ee2db49043b8818a1

            SHA1

            deef2aa2eedcb7b71b4f799892f8e7180de97334

            SHA256

            37c9d76f540d4049c7de70f775512ea7c3cf364041838c044051e1e829732248

            SHA512

            affcc9d85f8d7932e9d174243e9677f4ba57ebfb4c05dfbb7f2f71bdc7a77cd645da2f7eb446541427ba18657bd4db2c748c943487629f10ec22b5f7424aaf3f

            Download Submit

          • memory/948-0-0x0000000002280000-0x0000000002286000-memory.dmp

            Filesize

            24KB

            Download

          • memory/948-1-0x0000000002280000-0x0000000002286000-memory.dmp

            Filesize

            24KB

            Download

          • memory/948-2-0x0000000000400000-0x0000000000406000-memory.dmp

            Filesize

            24KB

            Download

          • memory/4140-21-0x0000000002210000-0x0000000002216000-memory.dmp

            Filesize

            24KB

            Download