Overview

overview

10

Static

static

10

2024-05-20...er.exe

windows7-x64

9

2024-05-20...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/05/2024, 17:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-20_7eadca668e3064f21387f017e745bc31_cryptolocker.exe

  • Size

    41KB

  • MD5

    7eadca668e3064f21387f017e745bc31

  • SHA1

    802432e38738e29261b16890670b280e62c73004

  • SHA256

    d050ac68365164bf4ac8e89fd21b28c53c06669db2c6d21b245627da5b454b2a

  • SHA512

    39729b3966c138294c30d97a74c4a68dc4c51d5d2e0bb3b76f17c7552890ea94f6e19da8bfc9eb164b69b3e9a05ad23cfeb6ba64527b9b897e166d550037b7e9

  • SSDEEP

    384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznHzl6AJvDSuYlxujsFwV:b/yC4GyNM01GuQMNXw2PSjHPbSuYlaJV

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-20_7eadca668e3064f21387f017e745bc31_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-20_7eadca668e3064f21387f017e745bc31_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1312
    • C:\Users\Admin\AppData\Local\Temp\retln.exe
      "C:\Users\Admin\AppData\Local\Temp\retln.exe"
      2⤵
      • Executes dropped EXE
      PID:4808

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\retln.exe
          Filesize

          42KB

          MD5

          387828b364045d0fc1de0ca5025c8341

          SHA1

          a7e2c70c5f9e6e8d1dfc2f553f81eae159dd0e3a

          SHA256

          f5181919e86feb59254733bb06e4f4052ff9deb3bf47c464623fb0b143a6b805

          SHA512

          e65d54468a7b0ab8d93602c863c7a83f6ef863606b3b2af07af5967e0c958456523e40572acb3cd18a6b568691e27467ca41f780684ed6a77ce4acc936b4871f

          Download Submit

        • memory/1312-0-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1312-1-0x0000000000400000-0x0000000000406000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1312-8-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4808-25-0x0000000002090000-0x0000000002096000-memory.dmp

          Filesize

          24KB

          Download