Overview

overview

10

Static

static

10

2024-04-29...er.exe

windows7-x64

9

2024-04-29...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    29/04/2024, 19:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-29_c87d8fc8c7e2ce5763622e187f1a8f8e_cryptolocker.exe

  • Size

    36KB

  • MD5

    c87d8fc8c7e2ce5763622e187f1a8f8e

  • SHA1

    f3a023d5b24f34c98a13e0acbcc4dd1c2e0de8e2

  • SHA256

    5ff3f27d80bc007a714ae5731ebe0363a05063950f7e16f5d1eb0cc474143b55

  • SHA512

    2146e2d75ea1f0098bf23b563e11ce92f2fae8cc85040bb8f6b408527bc0149357d315617263f650634d0ab9092d25db27d5cb0158f04dba8e72da23aec3ceb5

  • SSDEEP

    768:fTz7y3lhsT+hs1SQtOOtEvwDpjfAu9+4k:fT+hsMQMOtEvwDpjoIHk

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-29_c87d8fc8c7e2ce5763622e187f1a8f8e_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-29_c87d8fc8c7e2ce5763622e187f1a8f8e_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:2516

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    36KB

    MD5

    3f761a9f791c10b90369718a7695646e

    SHA1

    6a7629a58ab982e788a903e2f97442ffb6b3bda2

    SHA256

    5a6b76bf3a21a0b77201e4fff9a135a973f64794bcef9c7de38434195f54a9cd

    SHA512

    d89f38b9b1740c26a88506276b1eb85631ee763b10407a0d24a9914cc08262ff485dd8437c0b19c67a19ec7318da36cba2b4b6483d33240cd55358ffee73ef4b

    Download Submit

  • memory/1600-0-0x0000000000250000-0x0000000000256000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1600-1-0x00000000004C0000-0x00000000004C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1600-8-0x0000000000250000-0x0000000000256000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2516-22-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2516-15-0x0000000000480000-0x0000000000486000-memory.dmp

    Filesize

    24KB

    Download