2024dc62e30f14755e588c9fed96f6bacfd5356f2e803e3754733bf1391d1e58

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 07:34 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-03-27_8dee239ceceeebe033f3ae099f39a6d6_cryptolocker.exe
Size

52KB
MD5

8dee239ceceeebe033f3ae099f39a6d6
SHA1

7c78973ec0436a1366f343888fe6db8d86ab6100
SHA256

2024dc62e30f14755e588c9fed96f6bacfd5356f2e803e3754733bf1391d1e58
SHA512

7d061fcf2ef8997d02f3040e70980fa3670e009cc1e955e8f9dd8164ace09baeea349be6a90f7c2756c62d920ad5965df3be5813bba0bceec77ac2bfd01c8a96
SSDEEP

768:bIDOw9UiaCHfjnE0Sfa7ilR0p9u6p4ICNBCXK9Xv+mb6uXvMjt:bIDOw9a0DwitDZzc167jt

Score

9^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
behavioral2/files/0x000a000000022d84-12.dat	CryptoLocker_rule2

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	2024-03-27_8dee239ceceeebe033f3ae099f39a6d6_cryptolocker.exe

Executes dropped EXE 1 IoCs

pid	Process
460	lossy.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3644 wrote to memory of 460	3644	2024-03-27_8dee239ceceeebe033f3ae099f39a6d6_cryptolocker.exe	85
PID 3644 wrote to memory of 460	3644	2024-03-27_8dee239ceceeebe033f3ae099f39a6d6_cryptolocker.exe	85
PID 3644 wrote to memory of 460	3644	2024-03-27_8dee239ceceeebe033f3ae099f39a6d6_cryptolocker.exe	85

C:\Users\Admin\AppData\Local\Temp\2024-03-27_8dee239ceceeebe033f3ae099f39a6d6_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-27_8dee239ceceeebe033f3ae099f39a6d6_cryptolocker.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3644
- C:\Users\Admin\AppData\Local\Temp\lossy.exe
  "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
  2⤵
  - Executes dropped EXE
  PID:460

Network

DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

187.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

187.178.17.96.in-addr.arpa

IN PTR

Response

187.178.17.96.in-addr.arpa

IN PTR

a96-17-178-187deploystaticakamaitechnologiescom
DNS

187.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

187.178.17.96.in-addr.arpa

IN PTR
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

73.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.159.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

0.204.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.204.248.87.in-addr.arpa

IN PTR

Response

0.204.248.87.in-addr.arpa

IN PTR

https-87-248-204-0lhrllnwnet
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

29.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.243.111.52.in-addr.arpa

IN PTR

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

209.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.178.17.96.in-addr.arpa

IN PTR

Response

209.178.17.96.in-addr.arpa

IN PTR

a96-17-178-209deploystaticakamaitechnologiescom
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A
DNS

2.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.173.189.20.in-addr.arpa

IN PTR

Response
DNS

2.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.173.189.20.in-addr.arpa

IN PTR
DNS

2ndry.com

lossy.exe

Remote address:

8.8.8.8:53

Request

2ndry.com

IN A

Response

138.91.171.81:80

46 B
1

8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

187.178.17.96.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

187.178.17.96.in-addr.arpa

DNS Request

187.178.17.96.in-addr.arpa
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

73.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

73.159.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

146 B
144 B
2
1

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

2ndry.com

dns

lossy.exe

165 B
128 B
3
1

DNS Request

2ndry.com

DNS Request

2ndry.com

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

110 B
128 B
2
1

DNS Request

2ndry.com

DNS Request

2ndry.com
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

219 B
147 B
3
1

DNS Request

104.219.191.52.in-addr.arpa

DNS Request

104.219.191.52.in-addr.arpa

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

216 B
146 B
3
1

DNS Request

157.123.68.40.in-addr.arpa

DNS Request

157.123.68.40.in-addr.arpa

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

171.39.242.20.in-addr.arpa

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

0.204.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.204.248.87.in-addr.arpa
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

110 B
128 B
2
1

DNS Request

2ndry.com

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

110 B
128 B
2
1

DNS Request

2ndry.com

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

29.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

29.243.111.52.in-addr.arpa
8.8.8.8:53

2ndry.com

dns

lossy.exe

110 B
256 B
2
2

DNS Request

2ndry.com

DNS Request

2ndry.com
8.8.8.8:53

209.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

209.178.17.96.in-addr.arpa
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

110 B
256 B
2
2

DNS Request

2ndry.com

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

110 B
128 B
2
1

DNS Request

2ndry.com

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com
8.8.8.8:53

2ndry.com

dns

lossy.exe

165 B
128 B
3
1

DNS Request

2ndry.com

DNS Request

2ndry.com

DNS Request

2ndry.com
8.8.8.8:53

2.173.189.20.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

2.173.189.20.in-addr.arpa

DNS Request

2.173.189.20.in-addr.arpa
8.8.8.8:53

2ndry.com

dns

lossy.exe

55 B
128 B
1
1

DNS Request

2ndry.com

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
53KB

MD5
c5b6074d24cb41d48f6e0becc2ce2736

SHA1
d9c801e13a1d721fc6827dc3983681cf24bdfac0

SHA256
19112716ee8f8b4654930437dcbe75ecef48d70d1f33ba19b7d6fb6b56e592e2

SHA512
544c4b565b0a462b81028b3bdac5abbb2e3e883050ca197fc48fa1f1e806fda8ca20ba6a8ffa2ab9923b8cbbca0a44d4becf18a899208c5edf94cca68241a16b

Download Submit
memory/460-17-0x00000000020F0000-0x00000000020F6000-memory.dmp

Filesize
24KB

Download
memory/3644-0-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/3644-1-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/3644-2-0x00000000021A0000-0x00000000021A6000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.