Overview

overview

10

Static

static

10

2024-04-28...er.exe

windows7-x64

9

2024-04-28...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/04/2024, 10:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-28_97334c56cd185bfbebd92a2a4eaadb16_cryptolocker.exe

  • Size

    39KB

  • MD5

    97334c56cd185bfbebd92a2a4eaadb16

  • SHA1

    1403b462e82e70ab4ba2f40bc102dd83ae410133

  • SHA256

    1e5e7bc329df8680574b729d17d77a146c354aa4d16f1f918a5d35969f888075

  • SHA512

    af67c146a9350750be299b0fd2d8b1e279e0aee6806d63502a918f9c7912bbe47027775b6400905f7fdb55e9ce31bf453590e0c12b06d13b95eee7870ad614f2

  • SSDEEP

    768:bA74zYcgT/Ekd0ryfjPIunqpeNswmxT4Hme:bA6YcA/X6G0W1BGe

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-28_97334c56cd185bfbebd92a2a4eaadb16_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-28_97334c56cd185bfbebd92a2a4eaadb16_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1248
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:5596

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    40KB

    MD5

    a826190b9b90682fba6b42af049349a7

    SHA1

    e1c6b5f118afa05f8a25f242cacfdbdf191697b3

    SHA256

    eb8fd65a22f3ce2da3b81d133e45b21e1ca9acf635161b7f3b57ad32cd3d91bd

    SHA512

    61e65924f34bde90d7099ddeffcf069998ed54d0aa331ac327ade83fa0907cb25c0f5880efdca404397a5972cc6db960f103bdde99432897bc97464c1ff9379a

    Download Submit

  • memory/1248-0-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1248-1-0x0000000003150000-0x0000000003156000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1248-8-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5596-17-0x0000000000700000-0x0000000000706000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5596-18-0x0000000003010000-0x0000000003016000-memory.dmp

    Filesize

    24KB

    Download