Overview

overview

10

Static

static

10

2024-06-12...er.exe

windows7-x64

9

2024-06-12...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/06/2024, 23:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-12_992dc5ed9bca489cf0bac48831330786_cryptolocker.exe

  • Size

    37KB

  • MD5

    992dc5ed9bca489cf0bac48831330786

  • SHA1

    c99feeda426eed4e6a88596eac9f6111a8d6669e

  • SHA256

    41c3732288856c9ff926b7030ca7e529e4da838fdc302c73e7373cd29450011f

  • SHA512

    34f1fac604bcabeec053ce68f60b3ca6a873218ac91dde431d49a8412f99f6c589c77844064464cd1f3b6eb897b59698019096bf38ce762cadd834060983b3f2

  • SSDEEP

    768:bAvJCYOOvbRPDEgXrNekd7l94i3pQheDIHA:bAvJCF+RQgJeab4sbx

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-12_992dc5ed9bca489cf0bac48831330786_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-12_992dc5ed9bca489cf0bac48831330786_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1092
    • C:\Users\Admin\AppData\Local\Temp\demka.exe
      "C:\Users\Admin\AppData\Local\Temp\demka.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:2392

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\demka.exe
    Filesize

    37KB

    MD5

    02986a70c2d962569f5111899fc92e35

    SHA1

    12245a102b03c9db80ee79b5b136762f5d35e7b8

    SHA256

    0e2313ce235225915fbf516c2da860d78c366cb9bc862331a8cd71b59f4ef9a4

    SHA512

    f9293ee94d26c333c10a532be56d101b1c6159e317965e708145aa5f289b28fd6ba4fe6edb9bbc16ee52a1066a545e8585c0b8afe221649eb4e8fd344dfc3fd5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\medkem.exe
    Filesize

    186B

    MD5

    1e45d2f5bd01eb8ec2eb43628f8b4052

    SHA1

    44428e9b1f6743fd5865b52dc0eb64e0a822aec0

    SHA256

    6034cfc32721d862c25f305241ccdddf741d1bb62bb517c59ae2bfc8b698b67a

    SHA512

    72fbc3de242c8df2d5b449e7a6883fcee5a4f6b02facaa8affbd068cbdbda65ce3b70a51e42947a86f9f09039f3921acaf06773e35c30992adba6636968132d7

    Download Submit

  • memory/1092-0-0x0000000002210000-0x0000000002216000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1092-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1092-8-0x0000000002210000-0x0000000002216000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2392-25-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

    Filesize

    24KB

    Download