Analysis
-
max time kernel
150s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
10-05-2024 04:42
General
-
Target
2024-05-10_87dcbb1a57cfaf98564a9bfbb7c5d05b_cryptolocker.exe
-
Size
41KB
-
MD5
87dcbb1a57cfaf98564a9bfbb7c5d05b
-
SHA1
5f08a74c7e1abd0ca0d8bda35958b26bf2840b11
-
SHA256
dce1d4ce16492af5e59b0fba376eae9990558c86dc328a8e28102be81c462f6b
-
SHA512
2cc19f50fef48565bf076f4c74fcbeec8a230efe626d50dfdb794ccd43097e161c4b35de190c91b86f784c3d0dfe541bbad0e01f3483e5701bf77d703d79655b
-
SSDEEP
768:bA74zYcgT/Ekd0ryfjPIunqpeNswmT3Hwqg:bA6YcA/X6G0W143QH
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-10_87dcbb1a57cfaf98564a9bfbb7c5d05b_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-10_87dcbb1a57cfaf98564a9bfbb7c5d05b_cryptolocker.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\hasfj.exe"C:\Users\Admin\AppData\Local\Temp\hasfj.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
41KB
MD5523ac2a74a1a0b3892e827e392c5a384
SHA10ee6ad94a6bfb69bdf90bfcca8d3beb0db80f8a6
SHA2567cb8d1d34955da18d9132b9ea233fffc7c8e5edd747e45c997e4b8c8f4c666f0
SHA51267131c63ed9f8ce9c4f172b7318824c06f24b44935cb766bf0ef1bd134c9b9422f88711a92b591ba21ad5bb4cb17c74a87899df4eb0a85e60be6dbad3605b96d
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB