Overview

overview

10

Static

static

10

2024-03-19...er.exe

windows7-x64

9

2024-03-19...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2024, 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-19_7ec469b734b581c73972f9c6e3bcbf13_cryptolocker.exe

  • Size

    54KB

  • MD5

    7ec469b734b581c73972f9c6e3bcbf13

  • SHA1

    460cfd5bd4ee157caa5f107d1ac4bb9507e1f0c9

  • SHA256

    f972b2b01a9d1e7a0012ed9607bdc21ffa1be85c4dff12559a4e6f6372b5d9bb

  • SHA512

    d990fd235110b6e4301ba175d3579267c6c1c391c5a9dea3ff811c8168b625a298038a1f3351432c7ff7076f5143a11ce0353f37784788d58cba6c5d2bda9578

  • SSDEEP

    768:bIDOw9UiaCHfjnE0Sfa7ilR0p9u6p4ICNBCXK9XbTbmhTymob:bIDOw9a0DwitDZzcT2ob

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-19_7ec469b734b581c73972f9c6e3bcbf13_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-19_7ec469b734b581c73972f9c6e3bcbf13_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1432
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:2872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    54KB

    MD5

    4fd526d3c178c652c4a923f4ab3563e1

    SHA1

    ec968c1fb8786b7b45a813ab5a3e765aaa1b184e

    SHA256

    8bafb7f0d3f4f5347f4fcabe511738c43f55d56be1d105743aeefafed105ab85

    SHA512

    c1a407dbd3e46b8eb94da839bd516da381e1cc1030e762057f941a82287d2705df1108d291dd8b082b715f683424cbfd8fb58fd2af49848c9791bfacef82ad3d

    Download Submit

  • memory/1432-0-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1432-1-0x0000000000350000-0x0000000000356000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1432-2-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2872-15-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2872-16-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download