Analysis
-
max time kernel
144s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
12-02-2024 19:51
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-12_2da8b5e99c69c9db59205dfe03b6eb02_cryptolocker.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-02-12_2da8b5e99c69c9db59205dfe03b6eb02_cryptolocker.exe
Resource
win10v2004-20231222-en
General
-
Target
2024-02-12_2da8b5e99c69c9db59205dfe03b6eb02_cryptolocker.exe
-
Size
41KB
-
MD5
2da8b5e99c69c9db59205dfe03b6eb02
-
SHA1
2b1073efcef1405dc9139504847e8e6dec5efdb3
-
SHA256
ee5717a297721355c15df04f2e67112691619b4949f6a488ea2e947cb11dc927
-
SHA512
7e9a4f8eb5c6f5c74e85006c947badff7baffba0f305e76b8533714fc15afc612cc4a5712716afc32694159f08d9c081cd99086ef29f56dcb057826259727cc9
-
SSDEEP
768:bxNQIE0eBhkL2Fo1CCwgfjOg1tsJ6zeen754XcwxbFp1I:bxNrC7kYo1Fxf3s05rwxbF7I
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
Processes:
resource: C:\Users\Admin\AppData\Local\Temp\pissa.exe
yara_rule: CryptoLocker_rule2 -
Executes dropped EXE 1 IoCs
Processes:
pissa.exe
pid: 2808, process: pissa.exe -
Loads dropped DLL 1 IoCs
Processes:
2024-02-12_2da8b5e99c69c9db59205dfe03b6eb02_cryptolocker.exe
pid: 2184, process: 2024-02-12_2da8b5e99c69c9db59205dfe03b6eb02_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
2024-02-12_2da8b5e99c69c9db59205dfe03b6eb02_cryptolocker.exe
description | pid | process | target process
PID 2184 wrote to memory of 2808 | 2184 | 2024-02-12_2da8b5e99c69c9db59205dfe03b6eb02_cryptolocker.exe | pissa.exe
PID 2184 wrote to memory of 2808 | 2184 | 2024-02-12_2da8b5e99c69c9db59205dfe03b6eb02_cryptolocker.exe | pissa.exe
PID 2184 wrote to memory of 2808 | 2184 | 2024-02-12_2da8b5e99c69c9db59205dfe03b6eb02_cryptolocker.exe | pissa.exe
PID 2184 wrote to memory of 2808 | 2184 | 2024-02-12_2da8b5e99c69c9db59205dfe03b6eb02_cryptolocker.exe | pissa.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\pissa.exe
"C:\Users\Admin\AppData\Local\Temp\pissa.exe"
- Executes dropped EXE
PID:2808
-
C:\Users\Admin\AppData\Local\Temp\2024-02-12_2da8b5e99c69c9db59205dfe03b6eb02_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-12_2da8b5e99c69c9db59205dfe03b6eb02_cryptolocker.exe"
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2184
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
42KB
-
MD5
96f9b03384ea553885882b6378acf564
-
SHA1
2f454b0bda99bf8b4a0e6505d2f3a0852e4b4490
-
SHA256
00b04b9233479fd6929c8f442f4e32433ba79624e96ec2428e996a5d550ed40c
-
SHA512
c20c0ec4cd30f7c841e90cb47ae5fa4d3a88af6d3dfade7735df97d224416bff6b303cfe5c0efc9b021845c17f5832e18a7b09491ff7352d7cd132480a6bcdf2