Overview

overview

10

Static

static

10

2024-05-22...er.exe

windows7-x64

9

2024-05-22...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 02:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-22_bc3c7b14f589d2828611c67bf9b8dbec_cryptolocker.exe

  • Size

    78KB

  • MD5

    bc3c7b14f589d2828611c67bf9b8dbec

  • SHA1

    dfbd3b95f7d1f0d98655e28c02030f7a11490269

  • SHA256

    84980547423b4cd6e04b1116c90f8a63557e0e43bd40e2597b2cd83b38225eea

  • SHA512

    c77a5bea0b4ef796c8915e00a299a8bb75e7a3859ab85121cc75bda5eda2a3261dc86945fa58d4f9735f24f51e02d8ce9da51bc7af4a570e5e2510469c256b80

  • SSDEEP

    1536:ZzFbxmLPWQMOtEvwDpj386Sj/WprgJN6tZdOyJ3KUYZ:ZVxkGOtEvwDpjca2

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-22_bc3c7b14f589d2828611c67bf9b8dbec_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-22_bc3c7b14f589d2828611c67bf9b8dbec_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2456
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:2516

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    78KB

    MD5

    a88670430839bf1ca0872f876fe82f84

    SHA1

    13470c32ef08281101c140588642921fd4c5a593

    SHA256

    435eed41226328733c18be9dd317ea14d4aabc73871eac287202d79c7c45421e

    SHA512

    946cf35f94fe3e76e42d33c1e52e654685e4a0d0a219ce950e18de99be37b99a49e3f59c98419f709d55dc7ae0165e785bd01cd12701b3ad40393572dda8b34b

    Download Submit
  • memory/2456-1-0x0000000000230000-0x0000000000233000-memory.dmp
    Filesize

    12KB

    Download
  • memory/2456-0-0x0000000000440000-0x0000000000446000-memory.dmp
    Filesize

    24KB

    Download
  • memory/2456-2-0x0000000000440000-0x0000000000446000-memory.dmp
    Filesize

    24KB

    Download
  • memory/2456-3-0x0000000000470000-0x0000000000476000-memory.dmp
    Filesize

    24KB

    Download
  • memory/2516-16-0x0000000000200000-0x0000000000206000-memory.dmp
    Filesize

    24KB

    Download
  • memory/2516-23-0x00000000001D0000-0x00000000001D6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/2516-24-0x00000000001C0000-0x00000000001C6000-memory.dmp
    Filesize

    24KB

    Download