Overview

overview

7

Static

static

3

2024-11-02...er.exe

windows7-x64

7

2024-11-02...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02-11-2024 06:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-11-02_00012fa253697b0fff104193aa1edd61_cryptolocker.exe

  • Size

    51KB

  • MD5

    00012fa253697b0fff104193aa1edd61

  • SHA1

    be4c33463643b69457a00c29cfee58d4f4685679

  • SHA256

    0798d4a4c016e4e94212a4c38a0488bfd7359f5607494037ada044d96af75c4c

  • SHA512

    b7c659a0aed98e05b9ec73ce9f652b3cac1478a746ca2dc6991d04fa12404de8096d358dbb7ca5c3e715ba541f81a6c8406d5ce658c4f72e804d2a3d362b1ec5

  • SSDEEP

    768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4/Uth8igNrr42A7n0FmB0na:vj+jsMQMOtEvwDpj5HczerLO04Bd

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-02_00012fa253697b0fff104193aa1edd61_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-02_00012fa253697b0fff104193aa1edd61_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:796
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1224

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    51KB

    MD5

    0420c7a9a385fd1a09ba29b7f5aa2b37

    SHA1

    3706b3136bc0d05c7b949d97c2f1add061c5277d

    SHA256

    dfa83201d24789f3ce4b9e38ba917d810f72fc596d361e161b8c61bd17d5f5b6

    SHA512

    1ddfc23e65894fd9dad4a7e1ba797f706b6ddde55f2e5945d204f47797ac75b3e1e09f53f9703010a1a9d618278c0b70853881ea490ba2ab775235f955283632

    Download Submit

  • memory/796-1-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/796-0-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/796-2-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1224-15-0x00000000003F0000-0x00000000003F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1224-22-0x00000000001C0000-0x00000000001C6000-memory.dmp

    Filesize

    24KB

    Download