Overview

overview

10

Static

static

10

2024-05-11...er.exe

windows7-x64

9

2024-05-11...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-05-2024 14:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-11_facfee175982b9a66be8ca21c3d86351_cryptolocker.exe

  • Size

    54KB

  • MD5

    facfee175982b9a66be8ca21c3d86351

  • SHA1

    9af550fc9463af1f30778df603d630409aea1103

  • SHA256

    3fac74cd7a7965caa8c87697f7b6b709eaacaa80cef36268dfc2ec5a250b3fab

  • SHA512

    2dc7e698bd17647ba4c6f76acd67c253a4320d103b8109867ba2fb8374072b19067512020bacb9df00b5ac2fc5c0f9db4d593afd2672660ef35633f23167a43e

  • SSDEEP

    768:b7o/2n1TCraU6GD1a4Xcn62tH/1/Lp17zJIfeVEuUr6s:bc/y2lm6iH/NLp17zrV9G

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-11_facfee175982b9a66be8ca21c3d86351_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-11_facfee175982b9a66be8ca21c3d86351_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1812
    • C:\Users\Admin\AppData\Local\Temp\rewok.exe
      "C:\Users\Admin\AppData\Local\Temp\rewok.exe"
      2⤵
      • Executes dropped EXE
      PID:208

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rewok.exe
    Filesize

    54KB

    MD5

    bd9724190f45be230655212b3cc1541b

    SHA1

    fdc2a613b2996901caf08ab062089316306435a7

    SHA256

    dc18f16695d5adb7a9ad5530a9141560085b39492ccc5a25e52fb44c7bcba1bc

    SHA512

    09ef49d3a8f5835aa092030f43a08767f51181d148ad59a75a63cea5d97279c46b79e6aaa173dcd92a7182efa53dcefec95dc39de14d644fe7dda80b1d5a8948

    Download Submit

  • memory/208-25-0x0000000002120000-0x0000000002126000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1812-0-0x0000000000700000-0x0000000000706000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1812-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1812-8-0x0000000000700000-0x0000000000706000-memory.dmp

    Filesize

    24KB

    Download