Analysis

  • max time kernel
    93s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/05/2024, 03:31

General

  • Target: 2024-05-29_8e1bdac3e0828625c3d64cecfff028f4_cryptolocker.exe
  • Size: 37KB
  • MD5: 8e1bdac3e0828625c3d64cecfff028f4
  • SHA1: 8b202a8e78059df99dbdebc7507d02f9d6cf6c22
  • SHA256: 90c73e919e32b4d3a3395a9bc59224d8793028656c32b64637e5ee1479c6ad8c
  • SHA512: f15b9fe06d3226f28d3a89e09777d3ef46e3f503fdee656683f05885265741a17cb7415476707dc0252c7574328b4d37b38de7e817a100d3a0d367f89f197283
  • SSDEEP: 768:bAvJCYOOvbRPDEgXrNekd7l94i3pQheDF:bAvJCF+RQgJeab4sb5

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants (1 IoC)
  • Checks computer location settings (2 TTPs, 2 IoCs)

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-29_8e1bdac3e0828625c3d64cecfff028f4_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-29_8e1bdac3e0828625c3d64cecfff028f4_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4508
    • C:\Users\Admin\AppData\Local\Temp\demka.exe
      "C:\Users\Admin\AppData\Local\Temp\demka.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:1552

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\demka.exe
    Filesize: 37KB
    MD5: 4417a51ef28a7ad5a38448281b2afcf6
    SHA1: 364566f4bd2c7ca026d4a6455010c41c0a78fe85
    SHA256: b4781ab82be94bfc680ea378fef3c9f1c1b40034e962d9513d926468fc42a136
    SHA512: f9fac385bc7e4095c6c8b5fd61e06fb4c4a007a4c9194b11f38ead54d027824ad0e2cce45a0656d676bfa199cc8d34be30662b0d95a7879a9a67885382805529

  • C:\Users\Admin\AppData\Local\Temp\medkem.exe
    Filesize: 186B
    MD5: b9f4374f896f9983c33e9d0b588f0013
    SHA1: b8020e1be1ca994b0c92448b8751de82b01cc9b5
    SHA256: 6693eb10ef2b6399732cb13c54af5cbb990215fb265d3c2cc13133461b9f4d27
    SHA512: fbee8e10e523ac919928b0144d098481fc9ead831f0e00a94d2d55bf17bb55e8186629394cd1c7787f0c0aa9b82f743b1768d03bbc6413205538b29d0541ac74

  • memory/1552-25-0x0000000002180000-0x0000000002186000-memory.dmp
    Filesize: 24KB

  • memory/4508-0-0x00000000021C0000-0x00000000021C6000-memory.dmp
    Filesize: 24KB

  • memory/4508-1-0x0000000000400000-0x0000000000406000-memory.dmp
    Filesize: 24KB

  • memory/4508-8-0x00000000021C0000-0x00000000021C6000-memory.dmp
    Filesize: 24KB