Overview

overview

10

Static

static

10

2024-05-15...er.exe

windows7-x64

9

2024-05-15...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-05-2024 18:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-15_1a4575d7756ef7efbcadc7e5bb6088c2_cryptolocker.exe

  • Size

    41KB

  • MD5

    1a4575d7756ef7efbcadc7e5bb6088c2

  • SHA1

    7b696471223ff75972fa48232b7737592d697f3e

  • SHA256

    bcbd9be946286d03ae2ef96d93d58a1c87d3bab3170e273c959a375491718459

  • SHA512

    a91d0c1e126c6a7edc3fd29138188cd5fafcd35f51685022256cee4b825758289e8aa4c0b548001d5072c725427bde5027efa3d1cc62ba4874c4b7fec123154a

  • SSDEEP

    768:bCDOw9UiaKHfjnD0S16avdrQFiLjJvtAqtA:bCDOw9aMDooc+vAqtA

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-15_1a4575d7756ef7efbcadc7e5bb6088c2_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-15_1a4575d7756ef7efbcadc7e5bb6088c2_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1152
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:440

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    42KB

    MD5

    e329dacb7c9adc4841649a5050395a2f

    SHA1

    22871d12467bd00713314db58b9d23e422d3bb93

    SHA256

    6b4cd8965344937ed35e50f858db2a64f29551c06801aa14365750ac02a40c9f

    SHA512

    30954c586daa7390e7eca522bdc72287a4232051869985ee019b465cbc060544367b8aeb1e4d726fa9e83de6b7cc79975dbc56efa4fb6141547dd126c1f62021

    Download Submit

  • memory/440-18-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/440-21-0x0000000001FC0000-0x0000000001FC6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/440-20-0x00000000020F0000-0x00000000020F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/440-27-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1152-0-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1152-1-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1152-2-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1152-3-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1152-17-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

    Download