Analysis
Max time kernel: 150s
Max time network: 153s
Platform: windows7_x64
Resource: win7-20231215-en
Resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
Submitted: 27-01-2024 08:27
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-01-27_460c70dad7a2b0ab44e37f5c947f6614_cryptolocker.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-01-27_460c70dad7a2b0ab44e37f5c947f6614_cryptolocker.exe
  Resource: win10v2004-20231215-en
General
Target: 2024-01-27_460c70dad7a2b0ab44e37f5c947f6614_cryptolocker.exe
Size: 58KB
MD5: 460c70dad7a2b0ab44e37f5c947f6614
SHA1: 85e7ca3c7a2d06fb079f0b434dedac67c74b9967
SHA256: 5977383a26eaefa6c0e54ef5f44f3e442a48e8423c3aa8fa85c536e30bd24f07
SHA512: ee43b526b8a90f8d9f5e9ebd294fab5eeee2369b682fe53790200c24facd8eb457b7a343220d6708af7850146d0fa48ccff9f7fd33f84161ab5c1c5c3d260e8c
SSDEEP: 1536:Tj+jsMQMOtEvwDpj5HmpJpOUHECgNMo0vp2EMY8:TCjsIOtEvwDpj5HE/OUHnSMs
Malware Config
Signatures
Detection of CryptoLocker Variants (6 IoCs)
  resource                                                                     yara_rule
  behavioral1/memory/2284-0-0x0000000000500000-0x000000000050E000-memory.dmp   CryptoLocker_rule2
  behavioral1/files/0x000a00000001223b-11.dat                                  CryptoLocker_rule2
  behavioral1/memory/2704-17-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_rule2
  behavioral1/memory/2284-16-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_rule2
  behavioral1/memory/2284-13-0x00000000020A0000-0x00000000020AE000-memory.dmp  CryptoLocker_rule2
  behavioral1/memory/2704-28-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_rule2

Detection of Cryptolocker Samples (6 IoCs)
  resource                                                                     yara_rule
  behavioral1/memory/2284-0-0x0000000000500000-0x000000000050E000-memory.dmp   CryptoLocker_set1
  behavioral1/files/0x000a00000001223b-11.dat                                  CryptoLocker_set1
  behavioral1/memory/2704-17-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_set1
  behavioral1/memory/2284-16-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_set1
  behavioral1/memory/2284-13-0x00000000020A0000-0x00000000020AE000-memory.dmp  CryptoLocker_set1
  behavioral1/memory/2704-28-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_set1

Executes dropped EXE (1 IoC)
  pid   Process
  2704  misid.exe

Loads dropped DLL (1 IoC)
  pid   Process
  2284  2024-01-27_460c70dad7a2b0ab44e37f5c947f6614_cryptolocker.exe

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (4 IoCs)
  description                      pid   Process                                                         procid_target
  PID 2284 wrote to memory of 2704  2284  2024-01-27_460c70dad7a2b0ab44e37f5c947f6614_cryptolocker.exe  28
  PID 2284 wrote to memory of 2704  2284  2024-01-27_460c70dad7a2b0ab44e37f5c947f6614_cryptolocker.exe  28
  PID 2284 wrote to memory of 2704  2284  2024-01-27_460c70dad7a2b0ab44e37f5c947f6614_cryptolocker.exe  28
  PID 2284 wrote to memory of 2704  2284  2024-01-27_460c70dad7a2b0ab44e37f5c947f6614_cryptolocker.exe  28
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-01-27_460c70dad7a2b0ab44e37f5c947f6614_cryptolocker.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-27_460c70dad7a2b0ab44e37f5c947f6614_cryptolocker.exe"
   PID: 2284
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\misid.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      PID: 2704
      - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 58KB
MD5: b928f6e5a5e4bbde5e6c4b6d61b8446e
SHA1: 58ea48b154f2b30bf6e49b9d1a5fbd568b1b5035
SHA256: fb0beb0b7b317a144d5a9f239a6883b2a9c6142c80e3ad70addaae65f4fef266
SHA512: a749a5b7a24ce00cd0558ada6efb9c2874a560b6dae9c59e03d2fb447a02be4f97c8661b9394cb7176dd7f6cb869cf2758c544bddbac379e3b2195f547a5534f