Overview

overview

10

Static

static

10

2024-05-11...er.exe

windows7-x64

9

2024-05-11...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/05/2024, 20:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-11_22f84ec802be3fff8e3e2a1b0eecff69_cryptolocker.exe

  • Size

    54KB

  • MD5

    22f84ec802be3fff8e3e2a1b0eecff69

  • SHA1

    48d7a5bac0cd7e9c74451dbb31745e4c8090a83a

  • SHA256

    5e23324643cb25bced58d86f5db882bb662add439004f550fec836efd1edb76e

  • SHA512

    aac23f68152786169125c7aaccf7e746975a3eb826cf390adad8990c270746b4b3bbe52c668a59d568df338a1a205f3a5d364b8ad5f0a1a333b397e3f30f2c35

  • SSDEEP

    768:bIDOw9UiaCHfjnE0Sfa7ilR0p9u6p4ICNBCXK9Xv+mb6uXsl:bIDOw9a0DwitDZzc16j

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-11_22f84ec802be3fff8e3e2a1b0eecff69_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-11_22f84ec802be3fff8e3e2a1b0eecff69_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3952
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:4912

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    54KB

    MD5

    f8b90422be5b06efe89f44fd1917ad66

    SHA1

    b1d2b3d3915cb2a990771fa70319d2e32b1d9bc5

    SHA256

    7fbaeccae7a95eb3254a7f7eb884e9aa903d58f30be9926b79bbad08b7bb3baf

    SHA512

    c8f294dff789d934b9304cd16de1fe049293e6510a19339b7b6b501d9350722cab3b0d8839a14f0110d22e81d4cef6abcea43916b6279136399a682fa1669c74

    Download Submit

  • memory/3952-0-0x00000000005C0000-0x00000000005C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3952-1-0x0000000001FF0000-0x0000000001FF6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3952-8-0x00000000005C0000-0x00000000005C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4912-23-0x0000000001F40000-0x0000000001F46000-memory.dmp

    Filesize

    24KB

    Download