Overview

overview

10

Static

static

10

2024-04-27...er.exe

windows7-x64

9

2024-04-27...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/04/2024, 08:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-27_80b7866ea205a478efe3b6f4c749532d_cryptolocker.exe

  • Size

    35KB

  • MD5

    80b7866ea205a478efe3b6f4c749532d

  • SHA1

    80cfd9b1d053ce7ae49935a852a7cba98b284b66

  • SHA256

    09a01e8161071c3609e5c65008d413cc4cfef6190539a74b488485748438582e

  • SHA512

    24cb961dc636717ca9254ef4ecd961134caf602fad9d8119e91d617a39f9409a5b28d43271c972ca70f329fcba12d5f7418881c0a672bdaf8c68ebaa78a8c895

  • SSDEEP

    384:bAvMaNGh4z7CG3POOvbRSLoF/F0QU5XYFnufc/zzo6ckJp0qAgmEzXKxA+uspNY:bAvJCYOOvbRPDEgXRc+BAILYY

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-27_80b7866ea205a478efe3b6f4c749532d_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-27_80b7866ea205a478efe3b6f4c749532d_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4856
    • C:\Users\Admin\AppData\Local\Temp\demka.exe
      "C:\Users\Admin\AppData\Local\Temp\demka.exe"
      2⤵
      • Executes dropped EXE
      PID:4340

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\demka.exe
    Filesize

    35KB

    MD5

    a1d935ca381385a245b6959f1ebfb22d

    SHA1

    c42de23369a13b31262be1230c84664305d00770

    SHA256

    531f47f7e5ce58f1eeacb86fdb6a8d3b6a6534d64b8380eb3d2a3f8f4dd5cbb4

    SHA512

    c3d84b3145c41e46116f47bf3c562172c8d0d0a7c6297a5dea8601bc9e8cd135f0a7e64dbff6992d38e6208270de2abef11361d2e2220f4838bd22e5343da82f

    Download Submit

  • memory/4340-25-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4856-0-0x0000000002200000-0x0000000002206000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4856-8-0x0000000002200000-0x0000000002206000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4856-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download