Analysis
-
max time kernel
11s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25-01-2024 17:22
General
-
Target
2024-01-25_09a134c8ae5e847477ea745935195a08_cryptolocker.exe
-
Size
31KB
-
MD5
09a134c8ae5e847477ea745935195a08
-
SHA1
ded0efbc9d2ae2f3d05d688de32396d094019d58
-
SHA256
c86b089a7a12ba0ca1f308b2935064677bf9927ea86cef916e29f185343dc3d7
-
SHA512
860ab67122bb4052f51026a7b1d4844722963ff4c1a9268651a9f6bf47fd80c22ecdba17ec02516dd0a6cc2e897785be11b2224d789c606fdfa6c1b5116b3a89
-
SSDEEP
384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznUsD3W:b/yC4GyNM01GuQMNXw2PSjZG
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of UnmapMainImage 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\retln.exe"C:\Users\Admin\AppData\Local\Temp\retln.exe"1⤵
- Executes dropped EXE
- Suspicious use of UnmapMainImage
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_09a134c8ae5e847477ea745935195a08_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_09a134c8ae5e847477ea745935195a08_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
31KB
MD5286771c2f7c0ea34454b64f1aac4eac9
SHA1f7ceaadd9f036cac2802283cdd1ea88bb7a7724a
SHA2567739dd43b909c7a896765f381146d37faab943de7922f5f904b44c0672ccb8ab
SHA512be9f50d35c188c58d80ed1bf3e4fc74a1b0c9aa66df407903f70da6c113456149465074c387dabb65432a9e01525c16b6e755eb720aec2da16e21d974d8d43c1
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB