Overview

overview

10

Static

static

10

2024-03-19...er.exe

windows7-x64

9

2024-03-19...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2024, 03:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-19_82e594aaa98f8664f339842045035551_cryptolocker.exe

  • Size

    51KB

  • MD5

    82e594aaa98f8664f339842045035551

  • SHA1

    716c9b4dee95ca44448e2a3b00d2ff557f584c1f

  • SHA256

    62bec43dac70c8fdb630e5010c399566f1a0c523e431f99e6fae268730980f52

  • SHA512

    e332172317b787fbc5ebdf787173ab01e6f373665b4e17cc26a368655cfcf6c7a8acc223d8a187059a630ac52f11c4d447b171555084b25905be8549a55d99b7

  • SSDEEP

    768:bIDOw9UiaCHfjnE0Sfa7ilR0p9u6p4ICNBCXK9Xv+aGzQB:bIDOw9a0DwitDZzclqQB

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-19_82e594aaa98f8664f339842045035551_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-19_82e594aaa98f8664f339842045035551_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:2032

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\lossy.exe
          Filesize

          51KB

          MD5

          cd9c2719b4e1c441f847c06d4bce20b5

          SHA1

          672b2d2f48a9d34bcb151e11ffc6dc0326f2287c

          SHA256

          f40557f8b393fc5aa7d58fea2538db8219ec780ac416f2f76b2bd268a500c8de

          SHA512

          632f618654eb2744f90a0e5f0ae750bbe224eee9457aae47f8f34f68cfe153acc57af668cc2428b62c7718252a1c3a906267b7617238937353b9d43c5a0c36e9

          Download Submit

        • memory/1936-0-0x00000000002C0000-0x00000000002C6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1936-1-0x0000000000450000-0x0000000000456000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1936-2-0x00000000002C0000-0x00000000002C6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2032-15-0x00000000002F0000-0x00000000002F6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2032-19-0x0000000000240000-0x0000000000246000-memory.dmp

          Filesize

          24KB

          Download