Overview

overview

10

Static

static

10

2024-03-26...er.exe

windows7-x64

9

2024-03-26...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-03-2024 22:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-26_bf2bbe85a02d02b96f9f630d1ad6b54a_cryptolocker.exe

  • Size

    64KB

  • MD5

    bf2bbe85a02d02b96f9f630d1ad6b54a

  • SHA1

    433e0a4cbf39ef0818d707cfa610c820720fa95c

  • SHA256

    43e8fc82491a5f6795567a0e56091db77b36c5e9a3bfc96da2da548364966c0c

  • SHA512

    72c2cb288d05e174a1443701835375cf5badd03608407c1cd9788c2eb305ea007238cccb1ee2f21611f257eec725fcef4c26a7c96987ad31a3b4b4aee1e04955

  • SSDEEP

    768:6Qz7yVEhs9+4OR7tOOtEvwDpjLHqPOYRmNxt5I52kGEKIRo:6j+1NMOtEvwDpjr8ox8UDEKKo

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 5 IoCs
  • Detects executables built or packed with MPress PE compressor 5 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-26_bf2bbe85a02d02b96f9f630d1ad6b54a_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-26_bf2bbe85a02d02b96f9f630d1ad6b54a_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:3540

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    64KB

    MD5

    f9f1277338f3de5a4ffdce831dc3e405

    SHA1

    75ac42f3274daa9e8da85e3f973aa79e548b6328

    SHA256

    e81a201182d39031df26884b136f36b46128d48f8c12b68163faf58bf71b8f9a

    SHA512

    b588af3fc3bbcfa24b768cb66e562ad00b7fa5acd168acfdf0efc32610a02b51858801751c15c8f9e91aecc3b732603f2395db5db67dbcbf3dbf0798c70d5bb8

    Download Submit

  • memory/2868-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2868-1-0x0000000000620000-0x0000000000626000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2868-2-0x0000000000620000-0x0000000000626000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2868-3-0x0000000000640000-0x0000000000646000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2868-18-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3540-17-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3540-20-0x0000000002100000-0x0000000002106000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3540-24-0x00000000020E0000-0x00000000020E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3540-27-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download