Analysis
-
max time kernel
151s -
max time network
160s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
23/01/2024, 00:21
Static task
static1
Behavioral task
behavioral1
Sample
2024-01-23_0211985466b883dc8876f89f7ab25865_cryptolocker.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-01-23_0211985466b883dc8876f89f7ab25865_cryptolocker.exe
Resource
win10v2004-20231215-en
General
-
Target
2024-01-23_0211985466b883dc8876f89f7ab25865_cryptolocker.exe
-
Size
46KB
-
MD5
0211985466b883dc8876f89f7ab25865
-
SHA1
f75d7b71af112a7bd5dd167c2f2d116788efde92
-
SHA256
70dd6c527c3f190477ea0b26dde4d2a1fba9c94e2074c8a79a016034eab165c3
-
SHA512
0b08f26c2aa230741e0aa74512333fa8f7ba8dee34b3eb95e08309bfab2a049ca402ebd61a980f62f010e8806b60fe1063d47f1b6aa08aa6b82c9a0abc8499e4
-
SSDEEP
768:bIDOw9UiaCHfjnE0Sf88AvvP1oghYvm9/6D8jnPxyV4tFpF0Lo:bIDOw9a0Dwo3P1ojvUSD4PRtFp4o
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
resource yara_rule behavioral1/files/0x0008000000012223-10.dat CryptoLocker_rule2 -
Executes dropped EXE 1 IoCs
pid Process 2724 lossy.exe -
Loads dropped DLL 1 IoCs
pid Process 2268 2024-01-23_0211985466b883dc8876f89f7ab25865_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2268 wrote to memory of 2724 2268 2024-01-23_0211985466b883dc8876f89f7ab25865_cryptolocker.exe 28 PID 2268 wrote to memory of 2724 2268 2024-01-23_0211985466b883dc8876f89f7ab25865_cryptolocker.exe 28 PID 2268 wrote to memory of 2724 2268 2024-01-23_0211985466b883dc8876f89f7ab25865_cryptolocker.exe 28 PID 2268 wrote to memory of 2724 2268 2024-01-23_0211985466b883dc8876f89f7ab25865_cryptolocker.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-23_0211985466b883dc8876f89f7ab25865_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-23_0211985466b883dc8876f89f7ab25865_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2268 -
C:\Users\Admin\AppData\Local\Temp\lossy.exe"C:\Users\Admin\AppData\Local\Temp\lossy.exe"2⤵
- Executes dropped EXE
PID:2724
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
46KB
MD55e291249506a2bcf0686d627dc27d56a
SHA1f8df264e6f7459d00cef2a060c351cf49da725f5
SHA256d3a6d6bc21bc980d58f5c42fe0c4efdbe776a1f94ff48cfe09917e3d16cac4fa
SHA51207d6b2972aa72c0995859a31ab607bd0c594e820ff8872f97fe8803d95bc2368d4a339f7dd59604cea325c528be94150b320d369164ad614e9f5f85761487d69