Overview

overview

10

Static

static

10

2024-04-24...er.exe

windows7-x64

9

2024-04-24...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/04/2024, 21:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-24_977a974fd4118d5d0867688bdba18a0c_cryptolocker.exe

  • Size

    31KB

  • MD5

    977a974fd4118d5d0867688bdba18a0c

  • SHA1

    087c82c0c25c8a2d56810a904f16d2ba6beaa8f5

  • SHA256

    8252615b6b8177089e255b93aa3e19badd304c91fb4d692896e6e45ad51c2b0e

  • SHA512

    a3e6e7aa15e662b7660e3d58e70a8e4d299b65415b75123504a18788e2c5db1ff053888a5e428fece3d3ee2376c5c54c7aa7382bf16a8611b34193c5103a01fc

  • SSDEEP

    384:bG74uGLLQRcsdeQ72ngEr4K7YmE8j60nrlwfjDUGTGSWLw:bG74zYcgT/Ekd0ryfjck

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-24_977a974fd4118d5d0867688bdba18a0c_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-24_977a974fd4118d5d0867688bdba18a0c_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4672
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:456

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
          Filesize

          31KB

          MD5

          2d613797e925eb5b3f2fde071006335c

          SHA1

          5dd0e6d1b6f9f21ec76bbc98ae2eb10328692330

          SHA256

          6918469eedf2c0adc414522f931b38d74bac387612d37465f078bf79ea2cfbf2

          SHA512

          6f503353b2a93e7a1273e636eb49b34fb2869b22e735820c04abfd50bf8dcc033955a4cece13b129a95df4b03f54d028a14e7c4320a267ff13e7a1d7ed1204a7

          Download Submit

        • memory/456-18-0x0000000008000000-0x000000000800A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/456-26-0x0000000002D60000-0x0000000002D66000-memory.dmp

          Filesize

          24KB

          Download

        • memory/456-27-0x0000000008000000-0x000000000800A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/4672-0-0x0000000008000000-0x000000000800A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/4672-1-0x0000000002210000-0x0000000002216000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4672-2-0x0000000002210000-0x0000000002216000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4672-3-0x0000000003010000-0x0000000003016000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4672-17-0x0000000008000000-0x000000000800A000-memory.dmp

          Filesize

          40KB

          Download