Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-11-2024 07:40

General

  • Target

    2024-11-21_b02f710c6470b040f92d2f8a97c7d708_cryptolocker.exe

  • Size

    51KB

  • MD5

    b02f710c6470b040f92d2f8a97c7d708

  • SHA1

    f7235f09d764da81a99632876fe8d46a6d6e3ad7

  • SHA256

    895709a19136278f7d54cc6f4ff3fdd94606b1fa45ff5814f64beba4a8fadb6c

  • SHA512

    094c486d9c7c86a3de552bb1c80e60be9305b51242317d9ab296410d460bdbd94e1077f790cc75c7802f0d1fcb60c7f2b8fb8d055a6b3583e02b4fe93ce60b27

  • SSDEEP

    768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4/Uth8igNrr42A7n0FmB0nB:vj+jsMQMOtEvwDpj5HczerLO04B+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-21_b02f710c6470b040f92d2f8a97c7d708_cryptolocker.exe (depth 1)
    "C:\Users\Admin\AppData\Local\Temp\2024-11-21_b02f710c6470b040f92d2f8a97c7d708_cryptolocker.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3044
    • C:\Users\Admin\AppData\Local\Temp\misid.exe (depth 2, child of PID 3044)
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2808

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    51KB

    MD5

    8b09c447e3c7caa97282df8aab389cfa

    SHA1

    37f264185c8f904723088929c6fefe8552320313

    SHA256

    7afb4e8f95180a1335b2e5abeb2d8f063cccc4600b28651a5ff1f2a3c6f7ac40

    SHA512

    ea9d9f9b1a6e2b94a7a29117bd4e547e87e8c916a5a8c80720ee34604c4552bd2fb0bf96f8b5eb6b61464d4b57832f0243727b1e625acd3c6796f809d22cf955

  • memory/2808-16-0x0000000000370000-0x0000000000376000-memory.dmp (Filesize 24KB)
  • memory/2808-15-0x0000000000320000-0x0000000000326000-memory.dmp (Filesize 24KB)
  • memory/3044-0-0x00000000001D0000-0x00000000001D6000-memory.dmp (Filesize 24KB)
  • memory/3044-1-0x0000000000210000-0x0000000000216000-memory.dmp (Filesize 24KB)
  • memory/3044-8-0x00000000001D0000-0x00000000001D6000-memory.dmp (Filesize 24KB)
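The Processes and Downloads sections above carry more structure than the flat listing shows: every memory dump name encodes the PID, the dump's sequence number and the virtual address range, so the reported 24KB can be checked against the range (0x376000 - 0x370000 = 0x6000 = 24576 bytes), the same region of PID 3044 was dumped twice (sequence 0 and 8, worth diffing), and the process tree is a parent in the user's Temp directory spawning a dropped child in the same directory. The following Python is an added example for pulling those checks out of the report; it is not code from the sandbox or the page. The artifact names and process entries are copied from the report above, and the helper names and the 1 KB = 1024 bytes reading of the report's "Filesize" field are my assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Memory dump artifact names copied from the report's Downloads section.
MEMORY_DUMPS = [
    "memory/2808-16-0x0000000000370000-0x0000000000376000-memory.dmp",
    "memory/2808-15-0x0000000000320000-0x0000000000326000-memory.dmp",
    "memory/3044-0-0x00000000001D0000-0x00000000001D6000-memory.dmp",
    "memory/3044-1-0x0000000000210000-0x0000000000216000-memory.dmp",
    "memory/3044-8-0x00000000001D0000-0x00000000001D6000-memory.dmp",
]

# Assumed layout: memory/<pid>-<sequence>-0x<start>-0x<end>-memory.dmp
_DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class MemoryRegion:
    pid: int
    index: int  # order in which the sandbox took the dump
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_memory_dump_name(name: str) -> MemoryRegion:
    """Decode PID, sequence number and address range from a dump artifact name."""
    m = _DUMP_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised memory dump name: {name!r}")
    region = MemoryRegion(int(m["pid"]), int(m["idx"]), int(m["start"], 16), int(m["end"], 16))
    if region.end <= region.start:
        raise ValueError(f"empty or inverted range in {name!r}")
    return region


def parse_reported_size(text: str) -> int:
    """Turn the report's 'Filesize' string ('24KB') into bytes; assumes 1 KB = 1024 B."""
    m = re.fullmatch(r"\s*(\d+)\s*(B|KB|MB)\s*", text)
    if m is None:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m[1]) * {"B": 1, "KB": 1024, "MB": 1024 * 1024}[m[2]]


def size_consistent(region: MemoryRegion, reported: str) -> bool:
    """The report rounds to whole KB, so allow sub-KB slack between range and size."""
    return abs(region.size - parse_reported_size(reported)) < 1024


def regions_by_pid(names):
    """Group dumped regions by the process they were taken from."""
    out = defaultdict(list)
    for name in names:
        region = parse_memory_dump_name(name)
        out[region.pid].append(region)
    return dict(out)


def repeated_ranges(names):
    """(pid, start, end) ranges dumped more than once, with their sequence numbers.
    The same range captured at different points in the run is a diff candidate."""
    seen = defaultdict(list)
    for name in names:
        region = parse_memory_dump_name(name)
        seen[(region.pid, region.start, region.end)].append(region.index)
    return {key: sorted(idx) for key, idx in seen.items() if len(idx) > 1}


@dataclass(frozen=True)
class Process:
    pid: int
    ppid: Optional[int]
    image: str
    signatures: frozenset


# Process tree copied from the report's Processes section.
PROCESSES = [
    Process(3044, None,
            r"C:\Users\Admin\AppData\Local\Temp\2024-11-21_b02f710c6470b040f92d2f8a97c7d708_cryptolocker.exe",
            frozenset({"Loads dropped DLL",
                       "System Location Discovery: System Language Discovery",
                       "Suspicious use of WriteProcessMemory"})),
    Process(2808, 3044, r"C:\Users\Admin\AppData\Local\Temp\misid.exe",
            frozenset({"Executes dropped EXE",
                       "System Location Discovery: System Language Discovery"})),
]


def _in_user_temp(path: str) -> bool:
    return re.search(r"\\AppData\\Local\\Temp\\", path, re.IGNORECASE) is not None


def temp_to_temp_chains(processes):
    """(parent_pid, child_pid) pairs where a process running from the user's Temp
    directory launches a dropped executable that also lives there."""
    by_pid = {p.pid: p for p in processes}
    hits = []
    for proc in processes:
        parent = by_pid.get(proc.ppid)
        if (parent is not None and _in_user_temp(parent.image)
                and _in_user_temp(proc.image) and "Executes dropped EXE" in proc.signatures):
            hits.append((parent.pid, proc.pid))
    return hits
```

Running the checks over this report gives three regions for PID 3044 and two for PID 2808, all 0x6000 bytes and consistent with the listed 24KB, the duplicated 0x1D0000-0x1D6000 range in PID 3044 at sequence 0 and 8, and the single chain 3044 -> 2808. The report does not say which process WriteProcessMemory targeted, so the chain is a prompt to inspect the child's dumps, not a finding of injection.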