Analysis
-
max time kernel
150s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
19-04-2024 03:24
General
-
Target
2024-04-19_0504754cc6c21bcde03258c555ec4e5b_cryptolocker.exe
-
Size
42KB
-
MD5
0504754cc6c21bcde03258c555ec4e5b
-
SHA1
ac6e473648af61dba28a033fab6ff9a1263d366a
-
SHA256
9212692346b2607184e7a510ea7dd4700c96cd3c7567a5b7e0aef4fee3635332
-
SHA512
3e7241ba4720357ae8d81770af585bf76e6bae7a43a49745b4b360ecad12caa1c64fbc84db85969420c73a4e25c0fe3e7b02e2575d4015fd66dd085ff7b78078
-
SSDEEP
768:b/yC4GyNM01GuQMNXw2PSjHPbSuYlW8PAx:b/pYayGig5HjS3NPAx
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-19_0504754cc6c21bcde03258c555ec4e5b_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-19_0504754cc6c21bcde03258c555ec4e5b_cryptolocker.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\retln.exe"C:\Users\Admin\AppData\Local\Temp\retln.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
42KB
MD5618fb51cfedb0b7aeb32f10b76f48742
SHA19fd3c5b7df49f1ccd56d93f4b97da84ac47e25c7
SHA256f8ba8ee12d5532b0bb1b049830eab22b35dbe90f3134129780758dfec4b8f325
SHA512184ce562d1a9c80b4c3224a502295769c595d13d8d1f956cca60378a2c45187311b84b786d1cdff155f55fdbc51b03089cc61a9b8fe5ed194219c818c73ad85f
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB