Overview

overview

10

Static

static

10

2024-06-02...er.exe

windows7-x64

9

2024-06-02...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/06/2024, 00:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-02_bdc8ea56fe31aab00e4186b266a3378d_cryptolocker.exe

  • Size

    43KB

  • MD5

    bdc8ea56fe31aab00e4186b266a3378d

  • SHA1

    b76a0655f11b944bfb405f26da4d47834ef86a09

  • SHA256

    6f2bee81bb95993b7eec58278c00e3233ebfe7d417cd0cc19ccd65ace5966236

  • SHA512

    c05e63f00a4f330790df580725d563c76f44f28cfc914e31f9b0d8f0c53975e58f3f47ac14d28939b936de3e69be4b396b8be624bd545c83aaf5d340ed72d19a

  • SSDEEP

    768:bCDOw9UiaKHfjnD0S16avdrQFiLjJvtA9:bCDOw9aMDooc+vA9

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-02_bdc8ea56fe31aab00e4186b266a3378d_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-02_bdc8ea56fe31aab00e4186b266a3378d_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2748
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:4472

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\lossy.exe
          Filesize

          43KB

          MD5

          9512eb73add03ecc50fd5e3839df5f8d

          SHA1

          786b34e606d1dd7433cf9bba4da13ea1b190f72b

          SHA256

          07fab0f7f90dea11f89ba8c8eeecc179e17a406e82628532e8949e68bb2019df

          SHA512

          15af8be84abc9b49446bd57314beb689c80f2d548108c9c53cfa2ca36a1cbc6d70c954d387629ea2fd19e2f0a7e35c07a7f528ce04882552ae923409938db886

          Download Submit

        • memory/2748-0-0x0000000008000000-0x000000000800A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2748-1-0x0000000002130000-0x0000000002136000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2748-9-0x0000000002130000-0x0000000002136000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2748-2-0x0000000002040000-0x0000000002046000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2748-16-0x0000000008000000-0x000000000800A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/4472-18-0x0000000008000000-0x000000000800A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/4472-20-0x00000000021D0000-0x00000000021D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4472-21-0x00000000020F0000-0x00000000020F6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4472-27-0x0000000008000000-0x000000000800A000-memory.dmp

          Filesize

          40KB

          Download