Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
18-02-2024 16:45
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-18_8e6753bd4993743119ca910aaf39cb4b_cryptolocker.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-02-18_8e6753bd4993743119ca910aaf39cb4b_cryptolocker.exe
Resource
win10v2004-20231222-en
General
-
Target
2024-02-18_8e6753bd4993743119ca910aaf39cb4b_cryptolocker.exe
-
Size
52KB
-
MD5
8e6753bd4993743119ca910aaf39cb4b
-
SHA1
8e97c6d91163cb0566d92a9824bff0acf7f2b245
-
SHA256
1eafbb85c287a7756e96ac29ec501d94a131bebfa834c989f67e7e670017fe84
-
SHA512
ce3920bbef1d9a801762689ff57195cf330eebed62694aa339dab846b2b189b00000e3da2f68d428fdc57ab278ca28b277851b3ed3607d6421a29b148f1cc2b5
-
SSDEEP
1536:V6QFElP6n+gMQMOtEvwDpjeJQ7pojaklc:V6a+pOtEvwDpjD
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
resource yara_rule behavioral1/files/0x0009000000012281-10.dat CryptoLocker_rule2 -
Detection of Cryptolocker Samples 1 IoCs
resource yara_rule behavioral1/files/0x0009000000012281-10.dat CryptoLocker_set1 -
Executes dropped EXE 1 IoCs
pid Process 1048 asih.exe -
Loads dropped DLL 1 IoCs
pid Process 1976 2024-02-18_8e6753bd4993743119ca910aaf39cb4b_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1976 wrote to memory of 1048 1976 2024-02-18_8e6753bd4993743119ca910aaf39cb4b_cryptolocker.exe 28 PID 1976 wrote to memory of 1048 1976 2024-02-18_8e6753bd4993743119ca910aaf39cb4b_cryptolocker.exe 28 PID 1976 wrote to memory of 1048 1976 2024-02-18_8e6753bd4993743119ca910aaf39cb4b_cryptolocker.exe 28 PID 1976 wrote to memory of 1048 1976 2024-02-18_8e6753bd4993743119ca910aaf39cb4b_cryptolocker.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-18_8e6753bd4993743119ca910aaf39cb4b_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-18_8e6753bd4993743119ca910aaf39cb4b_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1976 -
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
PID:1048
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
52KB
MD5482c9e6c68d71f229a2fa880f89b7c91
SHA11b32357457b57be844dceca87a53fc65e742ad6d
SHA256af5ca436f742bcf1989fb8d15ac420a45af8b116ae2fcaa9d16309749b4565c0
SHA5128b20a563fcd2e2bc577c9a556f35a98b84eee552a8db4d00c583441bb8426e802cbaf6b4c1130201737fe49b0de56906848cd4b7428f2b74d8909b5b0dc1f292