Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25/01/2024, 20:26
General
-
Target
2024-01-25_749377e7b360020ab1d18545dc09ce34_cryptolocker.exe
-
Size
43KB
-
MD5
749377e7b360020ab1d18545dc09ce34
-
SHA1
45fef05e32a6d9f3d3d4496c0449bd47cf4f836f
-
SHA256
b7b5de472a3b9dc76b9d9e42328ccdf711ae6565041b49043c5b587a60176426
-
SHA512
8e3eb84b94a80ca911177b62fac6cbee368d7079de722c5175d2b931a44af547b9236a23608b8bba8b7c8d79b712ac494e3d3ee8f471c7d698d280b770e8303e
-
SSDEEP
768:b7o/2n1TCraU6GD1a4X0WcO+wMVm+slAMRqmz4kmmIs:bc/y2lkF0+BjjIIs
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of UnmapMainImage 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_749377e7b360020ab1d18545dc09ce34_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_749377e7b360020ab1d18545dc09ce34_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\rewok.exe"C:\Users\Admin\AppData\Local\Temp\rewok.exe"2⤵
- Executes dropped EXE
- Suspicious use of UnmapMainImage
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
43KB
MD55da1fb0d446390a6dfd7391cea17e15d
SHA193cbd4bbfc2cad6b22f8910ec0ad5c219916305e
SHA25621418c9353ed4a8aa6f4f4015008fb62df9f282bacf7a87201f1707728b2b5d8
SHA5124105c39c5cbed08974961ce4e06c7195690e0d4dfb135fbc53fae7d848f2a93e71b66ded30fa5b9a450832d54e8576b2eda7cafc51c7f8388917e5552cc915dc
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB