Overview

overview

10

Static

static

10

2024-04-19...er.exe

windows7-x64

9

2024-04-19...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    151s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/04/2024, 07:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-19_faac95eb5c193afa7f1a6f4d33a4a818_cryptolocker.exe

  • Size

    32KB

  • MD5

    faac95eb5c193afa7f1a6f4d33a4a818

  • SHA1

    2f1bd5dbfa2c07f47a789abd2ed74b1beb5716d1

  • SHA256

    edf712d5f4628276de243950cf7a2955c4108c01a6006d6ef451ba491a5553d7

  • SHA512

    74873e56df03a669f9aeb2ba275fcde777dee7029fbcc7bb26bbf5e1fb55aa0555e95dc0dbb35d7b00cf17ded5131b76927668ecde50031d0bc419d8c923a971

  • SSDEEP

    384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznStEkcsi:b/yC4GyNM01GuQMNXw2PSjSKkc9

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-19_faac95eb5c193afa7f1a6f4d33a4a818_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-19_faac95eb5c193afa7f1a6f4d33a4a818_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3868
    • C:\Users\Admin\AppData\Local\Temp\retln.exe
      "C:\Users\Admin\AppData\Local\Temp\retln.exe"
      2⤵
      • Executes dropped EXE
      PID:4896
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3804 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2964

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\retln.exe
            Filesize

            32KB

            MD5

            cb63340cf52e8ed7ff466c49d45cd030

            SHA1

            57173cc6da23f249b771f5096d084952ed50d28f

            SHA256

            f8f8b4ba5ae7bbd73a9e11b347705c5df720f2050ad17c344eb1d89f4f3aaff0

            SHA512

            5815ef18fc59748818cdb5889b41c46377c4acfa809d3ae24149ae2fb10463e7c67d37cf3f8413e869a1f5a263ed14815fff0582c59657d26d31c07bed9f5fdf

            Download Submit

          • memory/3868-0-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

            Filesize

            24KB

            Download

          • memory/3868-1-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

            Filesize

            24KB

            Download

          • memory/3868-2-0x0000000000400000-0x0000000000406000-memory.dmp

            Filesize

            24KB

            Download

          • memory/4896-19-0x0000000002090000-0x0000000002096000-memory.dmp

            Filesize

            24KB

            Download