bdec582490a82bc33b66b25816c95fa2d44b20865dfc315127f66733450e40cc

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 10:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-27_69f0a0055f38ce69f687265d8d099940_cryptolocker.exe
Size

59KB
MD5

69f0a0055f38ce69f687265d8d099940
SHA1

58097afaf073cb587c675bd2e222cfd798deb0ce
SHA256

bdec582490a82bc33b66b25816c95fa2d44b20865dfc315127f66733450e40cc
SHA512

0b507e5301a45de4fbeb52756541929a225bd4f8a9e36e3d9097e4e6f07829a2b5a096418813f5f354f5cb88b5e39294565d64cff6faaf99a9012aced0ef7d43
SSDEEP

1536:Tj+jsMQMOtEvwDpj5HmpJpOUHECgNMo0vp2EMZ:TCjsIOtEvwDpj5HE/OUHnSMa

Score

9^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 6 IoCs

resource	yara_rule
behavioral1/memory/2504-0-0x0000000000500000-0x000000000050E000-memory.dmp	CryptoLocker_rule2
behavioral1/files/0x000a00000001225b-11.dat	CryptoLocker_rule2
behavioral1/memory/2504-14-0x0000000000600000-0x000000000060E000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/2440-17-0x0000000000500000-0x000000000050E000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/2504-15-0x0000000000500000-0x000000000050E000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/2440-27-0x0000000000500000-0x000000000050E000-memory.dmp	CryptoLocker_rule2

Detection of Cryptolocker Samples 6 IoCs

resource	yara_rule
behavioral1/memory/2504-0-0x0000000000500000-0x000000000050E000-memory.dmp	CryptoLocker_set1
behavioral1/files/0x000a00000001225b-11.dat	CryptoLocker_set1
behavioral1/memory/2504-14-0x0000000000600000-0x000000000060E000-memory.dmp	CryptoLocker_set1
behavioral1/memory/2440-17-0x0000000000500000-0x000000000050E000-memory.dmp	CryptoLocker_set1
behavioral1/memory/2504-15-0x0000000000500000-0x000000000050E000-memory.dmp	CryptoLocker_set1
behavioral1/memory/2440-27-0x0000000000500000-0x000000000050E000-memory.dmp	CryptoLocker_set1

Executes dropped EXE 1 IoCs

pid	Process
2440	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2504	2024-01-27_69f0a0055f38ce69f687265d8d099940_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 2440	2504	2024-01-27_69f0a0055f38ce69f687265d8d099940_cryptolocker.exe	28
PID 2504 wrote to memory of 2440	2504	2024-01-27_69f0a0055f38ce69f687265d8d099940_cryptolocker.exe	28
PID 2504 wrote to memory of 2440	2504	2024-01-27_69f0a0055f38ce69f687265d8d099940_cryptolocker.exe	28
PID 2504 wrote to memory of 2440	2504	2024-01-27_69f0a0055f38ce69f687265d8d099940_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-01-27_69f0a0055f38ce69f687265d8d099940_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-27_69f0a0055f38ce69f687265d8d099940_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
59KB

MD5
541327a1de6b29599eb9ed5ccdbab8d7

SHA1
c281f242ae1b3eef6eb24bcc0190c2da5705e784

SHA256
3a4e79057f3c4a202cbc26501412c816d442f72ddde739f1ab43c8e228cc08f0

SHA512
c99df251ef42af3fb57ee9c167cc42fb0b57cd0f68760ca30a62cb017cd05847e0bfa1a4df6567c9a39e15e6b39c6a0146e74eb23cca4a39f951002e5f42e7e1

Download Submit
memory/2440-17-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2440-27-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2504-1-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2504-0-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2504-2-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2504-6-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2504-14-0x0000000000600000-0x000000000060E000-memory.dmp

Filesize
56KB

Download
memory/2504-15-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2504-26-0x0000000000600000-0x000000000060E000-memory.dmp

Filesize
56KB

Download