Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/04/2024, 16:44

General

  • Target

    2024-04-09_dd916a11b25b2c76843f9559fdd336fa_cryptolocker.exe

  • Size

    90KB

  • MD5

    dd916a11b25b2c76843f9559fdd336fa

  • SHA1

    286bb53e4a3a62a05b7d7f335d7eea792bfac0dc

  • SHA256

    d12b5b9e4acee6d62960c458f9f474b1221747b3f7495fe5cab8142ff985c82b

  • SHA512

    75cc01e6b06660225396cabfb5a4f2875f98e279e10150c224be0eae3127ac2a51eab078c968493aa0ea2698356dcdb3ed330d2b8c48af51be65a14232fcc717

  • SSDEEP

    1536:vj+jsMQMOtEvwDpj5H8u8rBN6nqEZNi1OkQNpAPH:vCjsIOtEvwDpj5H8zPs+

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants (1 IoC)
  • Detection of Cryptolocker Samples (1 IoC)
  • Checks computer location settings (2 TTPs, 2 IoCs)
    Looks up the country code configured in the registry, likely for geofencing.
  • Executes dropped EXE (1 IoC)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-09_dd916a11b25b2c76843f9559fdd336fa_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-09_dd916a11b25b2c76843f9559fdd336fa_cryptolocker.exe"
    PID: 1592
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      PID: 1008
      • Checks computer location settings
      • Executes dropped EXE
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
    PID: 4212

Network

MITRE ATT&CK Enterprise v15
Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize: 90KB
    MD5: 2b5d50b60b0fbf23e3efce93e9e4700e
    SHA1: 13b89834abeaabf65f0c0c110a9f4aa143f2f78d
    SHA256: 66bd0d5fc689407b0ab41abdca51120df5aa4237f1a37efd8dc128e0d34a5403
    SHA512: 306e14009ae51cee93ed35e2d1c1fa217f58d0337ac782216b3b1b1730dadf4079538ad16b04b575d42e58869cfdcb2c78f6d5dd27184d0dd11ab690baa5b35e
  • C:\Users\Admin\AppData\Local\Temp\misids.exe
    Filesize: 1KB
    MD5: 269b35029dec8f70b073f829be818196
    SHA1: d3eb42d36000c3459136374ee6eb1e986b44e403
    SHA256: df8c24a8dc38d8d2a745f2261dc0d56927f769aefa112208c9823089dedd590a
    SHA512: e218cd2a102c0c1fe49183512c76a1b950904555842673e3e069b75ee773879636a4dbf08fa5606c19ca80fd61ade76deddbdf05b16032c2bd873c69a9c3347a
  • memory/1008-17-0x0000000000760000-0x0000000000766000-memory.dmp
    Filesize: 24KB
  • memory/1008-20-0x0000000000630000-0x0000000000636000-memory.dmp
    Filesize: 24KB
  • memory/1592-0-0x00000000005E0000-0x00000000005E6000-memory.dmp
    Filesize: 24KB
  • memory/1592-1-0x00000000005E0000-0x00000000005E6000-memory.dmp
    Filesize: 24KB
  • memory/1592-2-0x0000000000600000-0x0000000000606000-memory.dmp
    Filesize: 24KB
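The hashes above are the report's file IOCs, and the memory-dump names encode the PID, a sequence number and the dumped address range. As an added triage example that is not part of the sandbox report, the script below transcribes the MD5/SHA-1/SHA-256 values from the General and Downloads sections, hashes a file and reports which listed artifact it matches, and decodes the memory-dump names so the address range can be checked against the listed size (0x766000 - 0x760000 = 0x6000 = 24KB). The IOC table is copied from the report; the function names, the sha256-only matching rule and the demo file written to a temp directory are this example's own construction.

```python
"""Match a file against the hash IOCs listed in this report and sanity-check
the memory-dump region names.

Added triage example, not part of the sandbox report. The IOC table is
transcribed from the report's General and Downloads sections; the function
names, the matching rule and the demo temp file are this example's own.
"""
import hashlib
import os
import re
import tempfile

ALGORITHMS = ("md5", "sha1", "sha256")

# Transcribed from the report (SHA-512 values omitted here for brevity).
IOCS = {
    "2024-04-09_dd916a11b25b2c76843f9559fdd336fa_cryptolocker.exe": {
        "md5": "dd916a11b25b2c76843f9559fdd336fa",
        "sha1": "286bb53e4a3a62a05b7d7f335d7eea792bfac0dc",
        "sha256": "d12b5b9e4acee6d62960c458f9f474b1221747b3f7495fe5cab8142ff985c82b",
    },
    "misid.exe": {
        "md5": "2b5d50b60b0fbf23e3efce93e9e4700e",
        "sha1": "13b89834abeaabf65f0c0c110a9f4aa143f2f78d",
        "sha256": "66bd0d5fc689407b0ab41abdca51120df5aa4237f1a37efd8dc128e0d34a5403",
    },
    "misids.exe": {
        "md5": "269b35029dec8f70b073f829be818196",
        "sha1": "d3eb42d36000c3459136374ee6eb1e986b44e403",
        "sha256": "df8c24a8dc38d8d2a745f2261dc0d56927f769aefa112208c9823089dedd590a",
    },
}


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory buffer with every algorithm in ALGORITHMS."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Digest a file in chunks so large samples do not need to fit in memory."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                break
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict = IOCS) -> list:
    """Names of IOC entries whose SHA-256 equals the file's. MD5 and SHA-1 are
    kept for cross-referencing other reports but are not trusted on their own,
    since both are collision-prone."""
    return [name for name, entry in iocs.items() if entry["sha256"] == digests["sha256"]]


def demo_hash_file_roundtrip(data: bytes = b"abc") -> dict:
    """Write constructed bytes to a temp file, hash it, and remove the file."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        return hash_file(path)
    finally:
        os.unlink(path)


# Sandbox dump names look like memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
MEMDUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
SIZE_RE = re.compile(r"^(\d+)\s*(B|KB|MB)$")
UNITS = {"B": 1, "KB": 1024, "MB": 1024 * 1024}


def parse_memdump_name(name: str) -> dict:
    """Decode a memory-dump name into pid, sequence, address range and byte size."""
    m = MEMDUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted address range in {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]), "start": start, "end": end, "size": end - start}


def verify_memdump_size(name: str, listed: str) -> bool:
    """True if the listed size (e.g. '24KB') equals the size implied by the range."""
    m = SIZE_RE.match(listed.strip())
    if not m:
        raise ValueError(f"unrecognised size: {listed}")
    return parse_memdump_name(name)["size"] == int(m[1]) * UNITS[m[2]]


if __name__ == "__main__":
    print(demo_hash_file_roundtrip())
    print(match_iocs({"sha256": IOCS["misid.exe"]["sha256"]}))
    print(parse_memdump_name("memory/1008-17-0x0000000000760000-0x0000000000766000-memory.dmp"))
```

Note that the dropped misid.exe is the same size (90KB) as the parent sample but has different hashes, so matching on size or filename alone would conflate two distinct artifacts; the SHA-256 comparison keeps them apart.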