Overview

overview

10

Static

static

10

2024-04-27...er.exe

windows7-x64

9

2024-04-27...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/04/2024, 04:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-27_8fc0f93bb33f561bbd86c32fe1357b0b_cryptolocker.exe

  • Size

    88KB

  • MD5

    8fc0f93bb33f561bbd86c32fe1357b0b

  • SHA1

    1263dc463458510ffa906a96f37eb1c6b0a981ba

  • SHA256

    8fe9f567ca65088fe2cbb3e6a8e25bbc7bf0dec57d16776b998dbd21f09bc339

  • SHA512

    c923ef8f78342eaad67aa81b84024376f1824b05796721e9ed7cb0eba89050c911a76e7cbbd8aae31339ca2356281c38c7cb062876b7ccdd63cd252862754a2d

  • SSDEEP

    1536:zj+soPSMOtEvwDpj4ktBl01hJl8QAPM8Ho6cRMy8tyblW:zCsanOtEvwDpj1

Score
9/10
upx

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 5 IoCs
  • UPX dump on OEP (original entry point) 5 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-27_8fc0f93bb33f561bbd86c32fe1357b0b_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-27_8fc0f93bb33f561bbd86c32fe1357b0b_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:5000
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:4424

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    88KB

    MD5

    9e85f439956e350f66666541f9a2b65a

    SHA1

    1398fa351e381d08a6d86b5c30bc63e62ade3b50

    SHA256

    4cb1bc074423cbea09fca5149881fc93cda387c980d2f47b71f3039f3b4d0a6c

    SHA512

    ec7220e6753a7c11d04ac2751655ff3cbdf5c02026e38384e0f8b5caf1dded9b4d5e42cf07c767ff7b6704752f3194f0c23ec5640841784ab56979a580303778

    Download Submit

  • memory/4424-17-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4424-19-0x00000000006E0000-0x00000000006E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4424-26-0x0000000000670000-0x0000000000676000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4424-27-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5000-0-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5000-1-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5000-3-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5000-9-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5000-25-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download