Overview

overview

10

Static

static

10

2024-04-28...er.exe

windows7-x64

9

2024-04-28...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28-04-2024 10:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-28_414775d3c0a2925cfdb89f3ad4470084_cryptolocker.exe

  • Size

    84KB

  • MD5

    414775d3c0a2925cfdb89f3ad4470084

  • SHA1

    48477b0e5b07d270af887da8a7d49de6504e8681

  • SHA256

    d54ff6e45d6ef459d5ad21e51e5c57987b754b903a809339a62112747652e150

  • SHA512

    f29feef9b6680eddb737f6f5d4cd230eb8fcc98bb6005b563b22574e0ca7adfad71206fbd3ab83468c7374a6f5e2a5a9e9fcd3bcdbbb28a2957950f373387d0c

  • SSDEEP

    1536:vj+jsMQMOtEvwDpj5HwYYTjipvF2hBfWafHNBmt:vCjsIOtEvwDpj5H9YvQd2I

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-28_414775d3c0a2925cfdb89f3ad4470084_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-28_414775d3c0a2925cfdb89f3ad4470084_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2844
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:1728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    84KB

    MD5

    1885101c97a8555cd8e7d2ba1fad03f5

    SHA1

    26d35dec7d7b4466f694a4eea722c16215ed60bc

    SHA256

    13d92a57a980298ff311f9e14cc7d5e196b43dc4306df1ce1149169cc9ad456b

    SHA512

    9f1dbdc152f758ee6be33f28c72550308c40a5c5641946b104dcf14d3fb7084518e925c8f5636f87738c208982c79e98a183be369911f50529f63e3f3c1050a1

    Download Submit

  • memory/1728-15-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1728-22-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2844-0-0x0000000000360000-0x0000000000366000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2844-1-0x00000000004A0000-0x00000000004A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2844-8-0x0000000000360000-0x0000000000366000-memory.dmp

    Filesize

    24KB

    Download