Overview

overview

10

Static

static

10

2024-05-02...er.exe

windows7-x64

9

2024-05-02...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    02/05/2024, 11:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-02_43a761abe4b34239e69e2fb1f09a05a2_cryptolocker.exe

  • Size

    47KB

  • MD5

    43a761abe4b34239e69e2fb1f09a05a2

  • SHA1

    18bb40036172fa691ff298f92e19a2f8ce6d6e1d

  • SHA256

    6f168d65512a714cc3a36710b364b86e2971fc13486b3c5bc0966ab58ee9a725

  • SHA512

    415a2c271d8c3883c7d3c860aa4c29f8997e56e7d22b18145dd7785323db19ad0262d5270227c2bc3e629ae0f6adf6c60707ce575e62e4c41f292272636c4b40

  • SSDEEP

    768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4/Uth8igNrr42A7n0FmB03:vj+jsMQMOtEvwDpj5HczerLO04BU

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-02_43a761abe4b34239e69e2fb1f09a05a2_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-02_43a761abe4b34239e69e2fb1f09a05a2_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:2052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    47KB

    MD5

    e8897fa0d624657717d76fa2acac9f55

    SHA1

    6dcf2d2e800915e8fb623ed9a54e22d22d4df6e3

    SHA256

    7aa46c825d0099c10120aeef3827f48bbc28a03e08f53b0f7fa7c983428ac32f

    SHA512

    b5ee23aa87f281b186a1a06f97a0a25ca8989232baa619c57e5f5940c4676f9f2deed0fe5504f07c26957652bb24d202ee0c8948f5036e517703b2b47b18b8cf

    Download Submit

  • memory/2052-15-0x0000000000350000-0x0000000000356000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2052-22-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2248-0-0x00000000001D0000-0x00000000001D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2248-1-0x0000000000470000-0x0000000000476000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2248-8-0x00000000001D0000-0x00000000001D6000-memory.dmp

    Filesize

    24KB

    Download