Overview

overview

10

Static

static

10

2024-03-28...er.exe

windows7-x64

9

2024-03-28...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2024, 00:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-28_98a28753cb2b6ff8a3b4017405819a23_cryptolocker.exe

  • Size

    40KB

  • MD5

    98a28753cb2b6ff8a3b4017405819a23

  • SHA1

    a3a2b1dc82ffe1565126b1d146abc8e04a05a4c2

  • SHA256

    7b226d4202f1970d5688152bda966a91d6b113f7a2b9e08f497b151914811a8a

  • SHA512

    f33bacb13fe40ef4dc1153f4a496a502879f2e3d92ebe3a9678f3c8ddeead726822b4d9f827439d5c90599134d5758062c96da26ab5828a6966b587a71d50275

  • SSDEEP

    768:bCDOw9UiaKHfjnD0S16avdrQFiLjJvtAnlB:bCDOw9aMDooc+vAlB

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-28_98a28753cb2b6ff8a3b4017405819a23_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-28_98a28753cb2b6ff8a3b4017405819a23_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:936
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:1704

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\lossy.exe
          Filesize

          40KB

          MD5

          8b2d6d528e4e368e2e494e8b46c23f5f

          SHA1

          62d1a72373a175686734f40b040b4c81f0d1ff9c

          SHA256

          72251a8db035449f4794114130eb964cd118925b78769fb96b5a878c67847451

          SHA512

          7b6f90288d46c8d77465dae2338f416938671f076217f34f80e06fef5a034983f134d4382ac6b3dc3461213712b47d99dd23b8497d2235d9fa0e3188ad105cc9

          Download Submit

        • memory/936-0-0x0000000008000000-0x000000000800A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/936-1-0x0000000000330000-0x0000000000336000-memory.dmp

          Filesize

          24KB

          Download

        • memory/936-2-0x0000000000330000-0x0000000000336000-memory.dmp

          Filesize

          24KB

          Download

        • memory/936-3-0x0000000000470000-0x0000000000476000-memory.dmp

          Filesize

          24KB

          Download

        • memory/936-15-0x0000000008000000-0x000000000800A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1704-16-0x0000000008000000-0x000000000800A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1704-18-0x00000000002C0000-0x00000000002C6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1704-25-0x0000000000280000-0x0000000000286000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1704-26-0x0000000008000000-0x000000000800A000-memory.dmp

          Filesize

          40KB

          Download