Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27-02-2024 22:34

General

  • Target

    2024-02-27_c9c305e1b9b42f94d9d23d7321c8ca0d_cryptolocker.exe

  • Size

    148KB

  • MD5

    c9c305e1b9b42f94d9d23d7321c8ca0d

  • SHA1

    14623d09a09b8198a22599493796a7fb42612383

  • SHA256

    3c072936810eb1bf23f2213f12c99ca885ca55a0ded271962bd99db701305480

  • SHA512

    7512ff8c107de11492f25e76839e9dc52ea807c7ef4d8e78bddc4573711ab12e4d916af0a181e0c61cc3c5fb412ed9d06e8677f343bdc1bd609812c649a65b0f

  • SSDEEP

    1536:V6QFElP6n+gMQMOtEvwDpjQGYQbxGYQbxGYQbPlooHPPFl:V6a+pOtEvwDpjt22h

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 2 IoCs
  • Detection of Cryptolocker Samples 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-27_c9c305e1b9b42f94d9d23d7321c8ca0d_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-27_c9c305e1b9b42f94d9d23d7321c8ca0d_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1500
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2900

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    130KB

    MD5

    7f739ed7e4d43e107a9a7ef8be43d1f0

    SHA1

    1a9e02643e484dc9b14ecddf36744cd729bd4673

    SHA256

    041a5158c5f3db8ce647c719551c1d69174252277fd807ec7b6aea9b5fa49d31

    SHA512

    e8513da0bdf4122200a57e5f7ed2ed1074d282dbdf0d57f60db54109ac7fb646a77aeb6b8a1dc461d7b3990dd28928403b9d1f9da06f7b8b8022795f4c8a2655

  • \Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    148KB

    MD5

    8c6a236462bd999645958f81d30e56bc

    SHA1

    f0578bcaa2b79f4c3df3cc606ad273cbeb08ac17

    SHA256

    271ae5a06c34da555f29c35eb9877a76602fd8c457cbe3adf44c81b6f20e06f1

    SHA512

    ac52d2f01692476aaf132e370a18dc2230053bdc91201da6ad53f9dc62c74ad6a5a450ce457f001228806c47ea44d8bf8d470a1b242ea4ee75bc0275369a7d4d

  • memory/1500-0-0x00000000001D0000-0x00000000001D6000-memory.dmp

    Filesize

    24KB

  • memory/1500-1-0x0000000000200000-0x0000000000206000-memory.dmp

    Filesize

    24KB

  • memory/1500-2-0x00000000001D0000-0x00000000001D6000-memory.dmp

    Filesize

    24KB

  • memory/2900-15-0x0000000000380000-0x0000000000386000-memory.dmp

    Filesize

    24KB

  • memory/2900-16-0x0000000000250000-0x0000000000256000-memory.dmp

    Filesize

    24KB