Analysis
max time kernel: 141s
max time network: 148s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
submitted: 12/01/2024, 05:56
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-01-11_26406aa1e600d995adb0968446236719_cryptolocker.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 2024-01-11_26406aa1e600d995adb0968446236719_cryptolocker.exe
  Resource: win10v2004-20231222-en
General
Target: 2024-01-11_26406aa1e600d995adb0968446236719_cryptolocker.exe
Size: 39KB
MD5: 26406aa1e600d995adb0968446236719
SHA1: dae6e1bc4b42bb6365684ac4ac49c44b8fe9de71
SHA256: 7f25f1c5d378559a656b46e816b74d62ffb501f5ca240873e15994d0f855c6f9
SHA512: fe156c6ce5f6255121e4b742ce6d8b76c91c4ef3a6fc1e279e4de84f1e77789830cb165f5b3968ab81d80c0148134a114e732bd0403e284fd2fabf6992242a63
SSDEEP: 768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4REL+cc66nkm:vj+jsMQMOtEvwDpj5HW5IT
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
  pid   Process
  2928  misid.exe
Loads dropped DLL (1 IoCs)
  pid   Process
  2900  2024-01-11_26406aa1e600d995adb0968446236719_cryptolocker.exe
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                                                          procid_target
  PID 2900 wrote to memory of 2928   2900  2024-01-11_26406aa1e600d995adb0968446236719_cryptolocker.exe   28
  PID 2900 wrote to memory of 2928   2900  2024-01-11_26406aa1e600d995adb0968446236719_cryptolocker.exe   28
  PID 2900 wrote to memory of 2928   2900  2024-01-11_26406aa1e600d995adb0968446236719_cryptolocker.exe   28
  PID 2900 wrote to memory of 2928   2900  2024-01-11_26406aa1e600d995adb0968446236719_cryptolocker.exe   28
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-01-11_26406aa1e600d995adb0968446236719_cryptolocker.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-11_26406aa1e600d995adb0968446236719_cryptolocker.exe"
   PID: 2900
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\misid.exe (child of PID 2900)
      Command line: "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      PID: 2928
      - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 39KB
MD5: 7e3c6226f3fe735f54c8d976465e5cc4
SHA1: 9d223f3a5d9f38bca26dace3a954c1852ea94709
SHA256: 7b57756e9b7e881ce21797e8bb774441fbe126db86ac6fcd92b478832c4b5626
SHA512: 60ab6cb2506fff836bc748e3000acf12cb99c0589be880faab0d00cdd142fde8faa60b78856225f7da8b36e279b8ea637a6e694cf4e89032037dae583130bc44