Overview

overview

10

Static

static

10

2024-05-22...er.exe

windows7-x64

9

2024-05-22...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 20:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-22_e9326c92642038c5aebc42e5df691b52_cryptolocker.exe

  • Size

    42KB

  • MD5

    e9326c92642038c5aebc42e5df691b52

  • SHA1

    272b485767daabba3390c32b229d8b071a65e5e1

  • SHA256

    93dc187f818330a2f57a355a0c74f18ae0392e4e071972e61d128bfecdff01f2

  • SHA512

    85761cdb0004948136e865a6167e288c8d8a71d00d278a8896daaecf68a58d26d11c332cc0c077f3afc2b0a83ebb1987c6ccc054da1903f4ba12be76fdcbebc8

  • SSDEEP

    768:XS5nQJ24LR1bytOOtEvwDpj66BLbjG9Rva/yYshNhL:i5nkFGMOtEvwDpjR+viHshNd

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 4 IoCs
  • Detection of Cryptolocker Samples 2 IoCs
  • Detects executables built or packed with MPress PE compressor 4 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-22_e9326c92642038c5aebc42e5df691b52_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-22_e9326c92642038c5aebc42e5df691b52_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:3016

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    42KB

    MD5

    9300a640b5fe1ca83db4b2275d8f580d

    SHA1

    6fd3fb54fe9d212d73b7fdacd2f7ef7129f32fec

    SHA256

    0585068ca1fd8e2b347cc0a8cfd6b71d54d3c1eedc3f5ae7b87a8b404005d651

    SHA512

    2305b0382bfc0a85e1d62058298f3fa1da221587613749ae4642d12875d429af51b6e29ffe24c3de8737f4bcb0c26d03de833d97b51948e5654b75cd19d03d14

    Download Submit

  • memory/2000-0-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2000-9-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2000-8-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2000-1-0x0000000000480000-0x0000000000486000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3016-16-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3016-18-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3016-25-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download