Overview

overview

10

Static

static

10

2024-04-26...er.exe

windows7-x64

9

2024-04-26...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/04/2024, 18:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-26_f142a3b170c18ae7d76aa163b0675704_cryptolocker.exe

  • Size

    90KB

  • MD5

    f142a3b170c18ae7d76aa163b0675704

  • SHA1

    8206b4d9b75426643fac45961e2d7d41e56300a4

  • SHA256

    f54c1c1031812cb3fa0b0dca524737e01b012bd4e149bad8ef33edeb77aa74c2

  • SHA512

    87bbc816117218d4995714d217b323187807f1851482ad31411665b40138a713e8d4edb491fcd01ab63f67cf3a1e5735aefd03765d9a19db10f2bd12a61ef501

  • SSDEEP

    1536:vj+jsMQMOtEvwDpj5H8u8rBN6nqEZNi1OkQe:vCjsIOtEvwDpj5H8zPs8

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-26_f142a3b170c18ae7d76aa163b0675704_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-26_f142a3b170c18ae7d76aa163b0675704_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4212
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:1436

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    91KB

    MD5

    52e4e12a8ec6b4cfb40343867f067654

    SHA1

    58278d897f921ba72b4d3a38b61cde505de30b95

    SHA256

    ea2138c23032365a14e8e971c8b7aad14399a1d78af8d5cacec9ac2a765748f1

    SHA512

    1267f031501dab3d448f80fe585cbe88ddbc3e7767886b3b2ca7bfe1470c4401d54dc4e17a5b16da041a8dec3b07fa643f4cd2ae477dba613914fa7df11c892b

    Download Submit

  • memory/1436-17-0x0000000000690000-0x0000000000696000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1436-23-0x0000000000660000-0x0000000000666000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4212-0-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4212-1-0x00000000006C0000-0x00000000006C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4212-8-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

    Download