Overview

overview

10

Static

static

10

2024-03-25...er.exe

windows7-x64

9

2024-03-25...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/03/2024, 20:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-25_d1ab0c48c334730e3ec2824ece43aaba_cryptolocker.exe

  • Size

    40KB

  • MD5

    d1ab0c48c334730e3ec2824ece43aaba

  • SHA1

    624d26543941d9c2e8c2465d816a4cb3a8e86779

  • SHA256

    9fdaaae311cdb4efef198fbb0d896939682a08e8b33eaaff31ced8b3b5b55df7

  • SHA512

    98adb7883ac622f9611fada69a1e203a09ce9b4317883e23116c6d97eb64184cef9a8e33f5188a84417b44669a4a94e578781b509d5c88989e3fa408c6dc4f00

  • SSDEEP

    768:bCDOw9UiaKHfjnD0S16avdrQFiLjJvtA5:bCDOw9aMDooc+vA5

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 4 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-25_d1ab0c48c334730e3ec2824ece43aaba_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-25_d1ab0c48c334730e3ec2824ece43aaba_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2996
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:3068

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\lossy.exe
          Filesize

          40KB

          MD5

          718bbb33a354c89bb1396b2152806232

          SHA1

          cb6663a9133f5cfd9d06b4ce8f4feecbd40f6010

          SHA256

          91b51b5f5419f8977c4ec45e2e57b3c5c9f3e66cf93367730925abe459792d62

          SHA512

          886e6e24a3b965db469584c75ab363918aef41e889ad47b8a018db49af404931f35453857e4c4324274c8961584bdd9c0ec564ddfa1bba0ce98ecd53ae579113

          Download Submit

        • memory/2996-0-0x0000000008000000-0x000000000800A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2996-1-0x00000000020C0000-0x00000000020C6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2996-2-0x00000000020C0000-0x00000000020C6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2996-3-0x00000000020E0000-0x00000000020E6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2996-17-0x0000000008000000-0x000000000800A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3068-19-0x00000000005B0000-0x00000000005B6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3068-21-0x0000000000590000-0x0000000000596000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3068-26-0x0000000008000000-0x000000000800A000-memory.dmp

          Filesize

          40KB

          Download