cb830b5c7379970f01fbc4c92286fa2a5d56bbf762678362d74844711c15c6ae

Analysis

max time kernel
149s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
20/02/2024, 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-02-20_bc2e49aa99e5791706982278f46c8436_cryptolocker.exe
Size

49KB
MD5

bc2e49aa99e5791706982278f46c8436
SHA1

085c51a743f911eae9c0421bf3df047a5cd065d3
SHA256

cb830b5c7379970f01fbc4c92286fa2a5d56bbf762678362d74844711c15c6ae
SHA512

ca48ccff07fd4f5e6e8335550b68926bd2e1b2e462772684e66dad66a5a5c853ef587e82c00b238127e9d2dea027a3ad491a25770a4ca9e91ec9d7cba8503f51
SSDEEP

1536:qmbhXDmjr5MOtEvwDpj5cDtKkQZQPdUve:BbdDmjr+OtEvwDpjMXL

Score

9^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 6 IoCs

resource	yara_rule
behavioral1/memory/2348-0-0x0000000000500000-0x0000000000510000-memory.dmp	CryptoLocker_rule2
behavioral1/files/0x000b0000000122dc-11.dat	CryptoLocker_rule2
behavioral1/memory/2348-15-0x0000000000500000-0x0000000000510000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/1584-17-0x0000000000500000-0x0000000000510000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/1584-27-0x0000000000500000-0x0000000000510000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/2348-29-0x00000000006A0000-0x00000000006B0000-memory.dmp	CryptoLocker_rule2

Detection of Cryptolocker Samples 3 IoCs

resource	yara_rule
behavioral1/memory/2348-15-0x0000000000500000-0x0000000000510000-memory.dmp	CryptoLocker_set1
behavioral1/memory/1584-17-0x0000000000500000-0x0000000000510000-memory.dmp	CryptoLocker_set1
behavioral1/memory/1584-27-0x0000000000500000-0x0000000000510000-memory.dmp	CryptoLocker_set1

UPX dump on OEP (original entry point) 5 IoCs

resource	yara_rule
behavioral1/memory/2348-0-0x0000000000500000-0x0000000000510000-memory.dmp	UPX
behavioral1/files/0x000b0000000122dc-11.dat	UPX
behavioral1/memory/2348-15-0x0000000000500000-0x0000000000510000-memory.dmp	UPX
behavioral1/memory/1584-17-0x0000000000500000-0x0000000000510000-memory.dmp	UPX
behavioral1/memory/1584-27-0x0000000000500000-0x0000000000510000-memory.dmp	UPX

Executes dropped EXE 1 IoCs

pid	Process
1584	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2348	2024-02-20_bc2e49aa99e5791706982278f46c8436_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 1584	2348	2024-02-20_bc2e49aa99e5791706982278f46c8436_cryptolocker.exe	28
PID 2348 wrote to memory of 1584	2348	2024-02-20_bc2e49aa99e5791706982278f46c8436_cryptolocker.exe	28
PID 2348 wrote to memory of 1584	2348	2024-02-20_bc2e49aa99e5791706982278f46c8436_cryptolocker.exe	28
PID 2348 wrote to memory of 1584	2348	2024-02-20_bc2e49aa99e5791706982278f46c8436_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-02-20_bc2e49aa99e5791706982278f46c8436_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-20_bc2e49aa99e5791706982278f46c8436_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:1584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
49KB

MD5
8ee10d2a79f321b0341e68aecc650830

SHA1
034dd23f8ae899e2b5a60cd3d56256177188ff6a

SHA256
f13c9ae795821e148d066633dbf153b33d516575797e5a1df3aff9e1461c98fe

SHA512
b995cc1016f57aa785fd2d6c5e1017fdc7943925a756c0889127392f918dc9c47552faf34d60c3d01ff740a5712144316e3a6afdf0ed5be8568018ee46707707

Download Submit
memory/1584-17-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1584-19-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/1584-26-0x0000000000260000-0x0000000000266000-memory.dmp

Filesize
24KB

Download
memory/1584-27-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2348-0-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2348-1-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2348-3-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2348-2-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2348-16-0x00000000006A0000-0x00000000006B0000-memory.dmp

Filesize
64KB

Download
memory/2348-15-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2348-29-0x00000000006A0000-0x00000000006B0000-memory.dmp

Filesize
64KB

Download