Overview

overview

10

Static

static

10

2024-04-30...er.exe

windows7-x64

9

2024-04-30...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    151s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/04/2024, 19:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-30_fc29dfe3743df1179375bbb17b9104ab_cryptolocker.exe

  • Size

    42KB

  • MD5

    fc29dfe3743df1179375bbb17b9104ab

  • SHA1

    2aafb6e96c3bca211dad07ad628a13032f1bb772

  • SHA256

    d6461ac9de7a6c9661615eb09a72202d666f2aacedcfd925e2f71d53eac88e11

  • SHA512

    4c59277fa1cd7e304a1b3179b3bda31c1cc26243d6b9a96e8111e33ced36fda4c5c07a67b95c5ae792f7b38b1f11ae9f0c97442775b64a278a9db532f068a6b3

  • SSDEEP

    768:b/yC4GyNM01GuQMNXw2PSjHPbSuYlZLvO:b/pYayGig5HjS3jLm

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-30_fc29dfe3743df1179375bbb17b9104ab_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-30_fc29dfe3743df1179375bbb17b9104ab_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:636
    • C:\Users\Admin\AppData\Local\Temp\retln.exe
      "C:\Users\Admin\AppData\Local\Temp\retln.exe"
      2⤵
      • Executes dropped EXE
      PID:2412
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4328 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3488

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\retln.exe
            Filesize

            42KB

            MD5

            6b220cb3965aeb11b2d7fa089cdb823e

            SHA1

            456b872a832383734d369970b65ae6834bf5a349

            SHA256

            1a56b4f17c6a7ca6fb1b83888df9a64d7fc459dfb9596e33dbe72414a75b57b8

            SHA512

            a7f1610f5c6e3d5e6897bdec5b54f0d9afc9c0f5b88e715e1d46a2c17061dcd4df5a90b9e99d91d3ef451441fb5e3264b3846b9b25f250d1f5a266d632bcd3aa

            Download Submit

          • memory/636-0-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

            Filesize

            24KB

            Download

          • memory/636-1-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

            Filesize

            24KB

            Download

          • memory/636-2-0x0000000000400000-0x0000000000406000-memory.dmp

            Filesize

            24KB

            Download

          • memory/2412-25-0x0000000001FA0000-0x0000000001FA6000-memory.dmp

            Filesize

            24KB

            Download