Overview

overview

10

Static

static

10

2024-04-28...er.exe

windows7-x64

9

2024-04-28...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-04-2024 14:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-28_ce57ac9d1b5af18b777ea8c82dc3d28f_cryptolocker.exe

  • Size

    84KB

  • MD5

    ce57ac9d1b5af18b777ea8c82dc3d28f

  • SHA1

    2392cc629db54f8f4a9f7275cb445b305c042a81

  • SHA256

    b2568b52397d150315b27e6a1c14ca472e46ee6dddf2b664a1d698879edd235f

  • SHA512

    210fd2aba377d8409e54917ccd8e11dda1f6a59cb44351ceda740be7ca91c5b7c983de1f9bbddf1a92d44782338dc6ba936b79a7c61fed98606a45984ea75223

  • SSDEEP

    1536:vj+jsMQMOtEvwDpj5HwYYTjipvF2hBfWafHNBmP:vCjsIOtEvwDpj5H9YvQd2e

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-28_ce57ac9d1b5af18b777ea8c82dc3d28f_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-28_ce57ac9d1b5af18b777ea8c82dc3d28f_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2864
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:2844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    85KB

    MD5

    ac9d4ff301b7ea3ea3b414db6e7ec049

    SHA1

    c716591c28d7ac3ca0ee1c554a1e648f9a689b33

    SHA256

    80416ecd546195f8f55da15836bd823956f323430d0bb6c215e969da4658396a

    SHA512

    7b169feb6345734323b395310ef1215c1e8d88996b37acbf18139786d1f87770ecd941174a3a103c16dcc68011bbd0dd4de4e2b725fb11ef662734d49abce750

    Download Submit

  • memory/2844-23-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2844-17-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2864-0-0x0000000000560000-0x0000000000566000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2864-1-0x00000000006C0000-0x00000000006C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2864-8-0x0000000000560000-0x0000000000566000-memory.dmp

    Filesize

    24KB

    Download