Overview

overview

10

Static

static

10

2024-04-27...er.exe

windows7-x64

9

2024-04-27...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/04/2024, 18:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-27_a95f356de8100e9865c65b1e4a4c0703_cryptolocker.exe

  • Size

    41KB

  • MD5

    a95f356de8100e9865c65b1e4a4c0703

  • SHA1

    7d34be7cf88d6bf305cb497537584b9010ec04d7

  • SHA256

    ff43ca28126cf51c7876d2624b6744aafafc657668b10879b80926124a6ceea3

  • SHA512

    de9f0985e9870ed523c72e6681589d60aeedf01a70158043dfceec472f9d037c75f04ba1f134290761e860582f2252f8a4b9b297eef042a123c900b9115bf8de

  • SSDEEP

    768:bCDOw9UiaKHfjnD0S16avdrQFiLjJvtAH3:bCDOw9aMDooc+vAX

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-27_a95f356de8100e9865c65b1e4a4c0703_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-27_a95f356de8100e9865c65b1e4a4c0703_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2920
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:1532

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    42KB

    MD5

    27705c682e728018219302a427f52b37

    SHA1

    199130d7e0fe7a26a40f2c25ce31fa6fea0967a8

    SHA256

    f4b990e1cd1de82af02d53a1f43a09f02e82f339af5eb4f025ecf4aa0c927745

    SHA512

    921dc398d7a37f9ea60d4250b632047523a9c756562e4cf78021fd3bdf12130cfc8c86140a9fda025d7c3fd1f5eec6895a588352d81b59e186d5b2205b31a235

    Download Submit

  • memory/1532-18-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1532-20-0x0000000000740000-0x0000000000746000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1532-26-0x0000000000720000-0x0000000000726000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1532-27-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2920-0-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2920-1-0x0000000000620000-0x0000000000626000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2920-2-0x00000000020E0000-0x00000000020E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2920-9-0x0000000000620000-0x0000000000626000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2920-17-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

    Download