Overview

overview

10

Static

static

10

2024-06-07...er.exe

windows7-x64

9

2024-06-07...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/06/2024, 04:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-07_7080ae4c34572929793be93e62ed4c47_cryptolocker.exe

  • Size

    81KB

  • MD5

    7080ae4c34572929793be93e62ed4c47

  • SHA1

    f8e03121e69aa0306be6dfe479a6942dd0631e6d

  • SHA256

    889aae587a5959c229334309c499872b55f30e825f25e7e6ce32fe75e07046ac

  • SHA512

    8b0eecef93558527975534d8462a880821f7104230cccf61f99ccf988473012af828c632d606ab3593d2a0afc37b8c54cb99724f2ef79e4a5da6b44ba726c2fa

  • SSDEEP

    1536:ZzFbxmLPWQMOtEvwDpj386Sj/WprgJN6tZdOyJ3KEWT+q:ZVxkGOtEvwDpjcax0

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-07_7080ae4c34572929793be93e62ed4c47_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-07_7080ae4c34572929793be93e62ed4c47_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2152
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:284

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\misid.exe
          Filesize

          81KB

          MD5

          81082c338e4acb397a0582d8fd34cd39

          SHA1

          c7c2bcee9d5215dc22ea705ee5612660d7ec4698

          SHA256

          211f689c930c38b9552b4fc27fdfd8acd27846701a1699b42721c990ade4f73e

          SHA512

          ccd555342c9d45864471980177fee9326d84712fdb4a056849d84bcd0ff4661d6c7e0e279222a33294bb79480d5fac3b79708d493bf4a052073bec41990a1d3b

          Download Submit

        • memory/284-23-0x00000000002C0000-0x00000000002C6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/284-16-0x00000000004C0000-0x00000000004C6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/284-24-0x0000000000230000-0x0000000000233000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2152-0-0x0000000000230000-0x0000000000233000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2152-1-0x0000000000240000-0x0000000000246000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2152-9-0x0000000000240000-0x0000000000246000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2152-2-0x0000000000370000-0x0000000000376000-memory.dmp

          Filesize

          24KB

          Download