Overview

overview

10

Static

static

10

2024-03-29...er.exe

windows7-x64

9

2024-03-29...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29/03/2024, 17:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-29_378de56cf11c350b899c60718b345554_cryptolocker.exe

  • Size

    52KB

  • MD5

    378de56cf11c350b899c60718b345554

  • SHA1

    bb46a709749c4ff6774d9c97e9a15fb0a100e851

  • SHA256

    f425e9b2e08f7b3eb69a0e3ab5f1720dc9d05892a23b098ce0da223f9bd3bae8

  • SHA512

    a12ec3bc0f840ece29610f7c1344ed6172d25d4c6e2d43021c56cfb4ffd1274dbb5d95da523dd834be535992a3e4bb642a524fdf8deb6f7189fe460c65a92431

  • SSDEEP

    1536:ZzFbxmLPWQMOtEvwDpj386Sj/WprgJN6tZdO5Skz:ZVxkGOtEvwDpjcP

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-29_378de56cf11c350b899c60718b345554_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-29_378de56cf11c350b899c60718b345554_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:3032

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    52KB

    MD5

    a5c7cf8159658487a82a84d083650e9b

    SHA1

    5535a07bf87db4735d3ffe14c2a0bcc59d081eb5

    SHA256

    791e550662bc8080b4109c40d83ed61686c293322ad5d0d34a60fc5da0deea0c

    SHA512

    cefa6af8371a3ceef417c0ec33b08ade4b2574cee76af0c25380c2fe78db0998b11673fbd07e8ccd9399927b7baf1ca956997e7819061140a71d5cf9cdc9ec04

    Download Submit

  • memory/1992-0-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1992-2-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1992-1-0x0000000000270000-0x0000000000276000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3032-16-0x0000000000460000-0x0000000000466000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3032-15-0x0000000000240000-0x0000000000243000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3032-18-0x0000000000330000-0x0000000000336000-memory.dmp

    Filesize

    24KB

    Download