Analysis
max time kernel: 148s
max time network: 152s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 27-02-2024 22:34
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-27_c9c305e1b9b42f94d9d23d7321c8ca0d_cryptolocker.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-02-27_c9c305e1b9b42f94d9d23d7321c8ca0d_cryptolocker.exe
Resource
win10v2004-20240226-en
General
Target: 2024-02-27_c9c305e1b9b42f94d9d23d7321c8ca0d_cryptolocker.exe
Size: 148KB
MD5: c9c305e1b9b42f94d9d23d7321c8ca0d
SHA1: 14623d09a09b8198a22599493796a7fb42612383
SHA256: 3c072936810eb1bf23f2213f12c99ca885ca55a0ded271962bd99db701305480
SHA512: 7512ff8c107de11492f25e76839e9dc52ea807c7ef4d8e78bddc4573711ab12e4d916af0a181e0c61cc3c5fb412ed9d06e8677f343bdc1bd609812c649a65b0f
SSDEEP: 1536:V6QFElP6n+gMQMOtEvwDpjQGYQbxGYQbxGYQbPlooHPPFl:V6a+pOtEvwDpjt22h
Malware Config
Signatures
Detection of CryptoLocker Variants (2 IoCs)
resource                                      yara_rule
behavioral1/files/0x000c000000012240-10.dat   CryptoLocker_rule2
behavioral1/files/0x000c000000012240-13.dat   CryptoLocker_rule2

Detection of Cryptolocker Samples (2 IoCs)
resource                                      yara_rule
behavioral1/files/0x000c000000012240-10.dat   CryptoLocker_set1
behavioral1/files/0x000c000000012240-13.dat   CryptoLocker_set1

Executes dropped EXE (1 IoCs)
pid    Process
2900   asih.exe

Loads dropped DLL (1 IoCs)
pid    Process
1500   2024-02-27_c9c305e1b9b42f94d9d23d7321c8ca0d_cryptolocker.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (4 IoCs)
description                          pid    Process                                                          procid_target
PID 1500 wrote to memory of 2900     1500   2024-02-27_c9c305e1b9b42f94d9d23d7321c8ca0d_cryptolocker.exe   28
PID 1500 wrote to memory of 2900     1500   2024-02-27_c9c305e1b9b42f94d9d23d7321c8ca0d_cryptolocker.exe   28
PID 1500 wrote to memory of 2900     1500   2024-02-27_c9c305e1b9b42f94d9d23d7321c8ca0d_cryptolocker.exe   28
PID 1500 wrote to memory of 2900     1500   2024-02-27_c9c305e1b9b42f94d9d23d7321c8ca0d_cryptolocker.exe   28
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-02-27_c9c305e1b9b42f94d9d23d7321c8ca0d_cryptolocker.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-02-27_c9c305e1b9b42f94d9d23d7321c8ca0d_cryptolocker.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   PID: 1500
   2. C:\Users\Admin\AppData\Local\Temp\asih.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      - Executes dropped EXE
      PID: 2900
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 130KB
MD5: 7f739ed7e4d43e107a9a7ef8be43d1f0
SHA1: 1a9e02643e484dc9b14ecddf36744cd729bd4673
SHA256: 041a5158c5f3db8ce647c719551c1d69174252277fd807ec7b6aea9b5fa49d31
SHA512: e8513da0bdf4122200a57e5f7ed2ed1074d282dbdf0d57f60db54109ac7fb646a77aeb6b8a1dc461d7b3990dd28928403b9d1f9da06f7b8b8022795f4c8a2655

Filesize: 148KB
MD5: 8c6a236462bd999645958f81d30e56bc
SHA1: f0578bcaa2b79f4c3df3cc606ad273cbeb08ac17
SHA256: 271ae5a06c34da555f29c35eb9877a76602fd8c457cbe3adf44c81b6f20e06f1
SHA512: ac52d2f01692476aaf132e370a18dc2230053bdc91201da6ad53f9dc62c74ad6a5a450ce457f001228806c47ea44d8bf8d470a1b242ea4ee75bc0275369a7d4d