Overview

overview

10

Static

static

10

2024-04-09...er.exe

windows7-x64

9

2024-04-09...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/04/2024, 07:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-09_27d277759ab102e6a9f153dc12a021be_cryptolocker.exe

  • Size

    47KB

  • MD5

    27d277759ab102e6a9f153dc12a021be

  • SHA1

    207b8d1f0b2aa5bec7d9baed0b7dd16a05fb06d1

  • SHA256

    ff5d54c68ca313c6fb75c0b8f564b5c5c43619f76865fbee83ffd90685c73401

  • SHA512

    fa9b2f214e4ee00141609dd749523f8ed71162f15c2c6e7629bf2c9d25fbfd29d3ee623e2281851d037cd34827a82c19bb546607b6c3f51c5e2a8d5f1d1f5f2d

  • SSDEEP

    768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4/Uth8igNrr46xdUUnJ:vj+jsMQMOtEvwDpj5Hczer5ie

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-09_27d277759ab102e6a9f153dc12a021be_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-09_27d277759ab102e6a9f153dc12a021be_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3560
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:4656

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    47KB

    MD5

    b0de86be8a14dff7341e369066097a84

    SHA1

    dd79befee051236ffe5656c3509c60022109db22

    SHA256

    435a59bf4b62a9af2a1a7012ffd84ac9f79c3fc68abf24e157a00952c3a623d9

    SHA512

    52402ad0a5af665d4dc2eb13a4bcd54c4915896959f2c44471efb7a6dc5f9d822c024d20c98c7392ed25aa244c61c87b5269aaf281da655e74690d969d6e04ac

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\misids.exe
    Filesize

    1KB

    MD5

    b98700d7098440e587c7ffde7370f32b

    SHA1

    419748eb8ed515eb645fc6e029d2beb47af45c66

    SHA256

    46d6d7e5a82557c3ae152e70e85ec2752755727ef1de4977993feff7581d8abb

    SHA512

    7b3190ba8f1876bde81422f27005f3b666b3c4fae01d82d49705344bc64c77afe626082015bcb79033029464eef0f1d980e7057a90d8440adc797b3aa06ad149

    Download Submit

  • memory/3560-0-0x00000000004E0000-0x00000000004E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3560-1-0x00000000004E0000-0x00000000004E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3560-2-0x0000000000510000-0x0000000000516000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4656-17-0x00000000007D0000-0x00000000007D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4656-20-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

    Download