Overview

overview

10

Static

static

10

2024-05-31...er.exe

windows7-x64

9

2024-05-31...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-05-2024 10:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-31_a5309804ea9046a884103260458b8f52_cryptolocker.exe

  • Size

    44KB

  • MD5

    a5309804ea9046a884103260458b8f52

  • SHA1

    b271fa4efcf6855cf5bae175b9c0a35d9c191334

  • SHA256

    7ba5b31c6ec6e6a6865666f6f8959c8b8a3d9ca4039b24ad979e48f3e94c2e36

  • SHA512

    f3f51d0e6a067cdae3a9a658efcee685d85c2ce1a62e5c3ddefca2a675c0480cf630d36125227999c050565c695e3c0be7dd0f8b70c122af2c3b1a7efd7a8352

  • SSDEEP

    768:bCDOw9UiaKHfjnD0S16avdrQFiLjJvtAIie0LHZ:bCDOw9aMDooc+vAlXZ

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-31_a5309804ea9046a884103260458b8f52_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-31_a5309804ea9046a884103260458b8f52_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3088
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:3292

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    44KB

    MD5

    e1e74a7d37a36d7e9fa3ebed22e7b403

    SHA1

    053140f29c7424b2a56524682e1394964ba62bc7

    SHA256

    7f507a5b26d349457dc8012b4a2e26c8f8208b2517a605cd0d067bc6e1f6cf64

    SHA512

    82e0071856441b0dd77a6ff680faa17eace67b611e127648d90bfc28ed4ef79635df21ff2ec353e1acacd007e5c098f1acd31a5f1854c2bb3a25db6dd3f85b49

    Download Submit

  • memory/3088-0-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3088-2-0x00000000020F0000-0x00000000020F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3088-1-0x00000000020C0000-0x00000000020C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3088-9-0x00000000020C0000-0x00000000020C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3088-17-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3292-20-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3292-18-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3292-26-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3292-27-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

    Download