Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25/01/2024, 00:49
General
-
Target
2024-01-25_7268140635252b0a3d446e75ef403bdd_cryptolocker.exe
-
Size
27KB
-
MD5
7268140635252b0a3d446e75ef403bdd
-
SHA1
19a27087d92294e17488e9ddb8a393524c1d4324
-
SHA256
8d0f68f90b6d16af2941309acb06b717738043c50c8583f461a422e6cf0c7248
-
SHA512
05c705fc6a38d3b754c6eb7c35a19f0a961efb3b21413f79a73c86a69c3fe42bdf6808bae92baf31ed8f2d36f1da1953ee4bce3b982fc04d297bf1fb01042b6d
-
SSDEEP
384:bmM0V/YPvnr801TRoUGPh4TKt6ATt1DqgPa3s/zzo7:b7o/2n1TCraU6GD1a4X8
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of UnmapMainImage 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_7268140635252b0a3d446e75ef403bdd_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_7268140635252b0a3d446e75ef403bdd_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\rewok.exe"C:\Users\Admin\AppData\Local\Temp\rewok.exe"2⤵
- Executes dropped EXE
- Suspicious use of UnmapMainImage
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
27KB
MD5f03e1072205b1e781e7e4bdeb3e09b4a
SHA1a460e042773f92494741720f558495b508306b56
SHA2567679283f1b4530708d3546e944144ea822d3246ce62932b42b5ca6b17bcf2e4b
SHA512d0776725a8c75ec2b3912e724498fd11b93dadbbbc86e0e289a404cf48cd114f0161e619e6e9954daaafdb21ae3702198a47df965950662f39144f4cf32ba11a
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB