Analysis
max time kernel: 136s
max time network: 147s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 08-03-2024 04:00
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-08_e736fdc4b76182f722ee30fca9419997_cryptolocker.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-03-08_e736fdc4b76182f722ee30fca9419997_cryptolocker.exe
  Resource: win10v2004-20240226-en
General
Target: 2024-03-08_e736fdc4b76182f722ee30fca9419997_cryptolocker.exe
Size: 34KB
MD5: e736fdc4b76182f722ee30fca9419997
SHA1: c65e25134b5e9e8c001bf1372a5da3ee025928a5
SHA256: 4a703a8a0b0ada1d27edd9a00fe9828b5e3fd7174687573b8978458b6fbf4773
SHA512: 09738f9027f58dbe1efd6e0c94cbd48d307385c7c5f54a5d8f7a92a6112a8d8ca7a4d5652e75a7658614204cbd20dabbfbe4e9ff328f3ea2fa78b54801bb7607
SSDEEP: 768:fTz7y3lhsT+hs1SQtOOtEvwDpjfAu9+4s:fT+hsMQMOtEvwDpjoIHs
Malware Config
Signatures

Detection of CryptoLocker Variants (1 IoC)
  resource                                      yara_rule
  behavioral1/files/0x000d0000000122d9-10.dat   CryptoLocker_rule2

Detection of Cryptolocker Samples (1 IoC)
  resource                                      yara_rule
  behavioral1/files/0x000d0000000122d9-10.dat   CryptoLocker_set1

Executes dropped EXE (1 IoC)
  pid    Process
  2920   misid.exe

Loads dropped DLL (1 IoC)
  pid    Process
  2500   2024-03-08_e736fdc4b76182f722ee30fca9419997_cryptolocker.exe

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid    Process                                                         procid_target
  PID 2500 wrote to memory of 2920   2500   2024-03-08_e736fdc4b76182f722ee30fca9419997_cryptolocker.exe   28
  PID 2500 wrote to memory of 2920   2500   2024-03-08_e736fdc4b76182f722ee30fca9419997_cryptolocker.exe   28
  PID 2500 wrote to memory of 2920   2500   2024-03-08_e736fdc4b76182f722ee30fca9419997_cryptolocker.exe   28
  PID 2500 wrote to memory of 2920   2500   2024-03-08_e736fdc4b76182f722ee30fca9419997_cryptolocker.exe   28
Processes

C:\Users\Admin\AppData\Local\Temp\2024-03-08_e736fdc4b76182f722ee30fca9419997_cryptolocker.exe (PID 2500)
  command line: "C:\Users\Admin\AppData\Local\Temp\2024-03-08_e736fdc4b76182f722ee30fca9419997_cryptolocker.exe"
  signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\misid.exe (PID 2920, child of 2500)
      command line: "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      signatures: Executes dropped EXE
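The two process-level signatures above ("Executes dropped EXE" and "Suspicious use of WriteProcessMemory") are derived from the same kind of event trace the process tree is drawn from. The following is an added example, not the sandbox's own signature engine or any code from the report: it re-derives both signatures and the indented tree from a constructed trace. The PIDs, image paths and the four WriteProcessMemory hits follow the report; the event schema, the sample's parent PID (1900), the file-write event that creates misid.exe and the benign cmd.exe launch are assumptions added so that each check has something to accept and something to reject.

```python
"""Re-derive the report's behavioural signatures from a process/file event trace."""
from collections import defaultdict

TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = "2024-03-08_e736fdc4b76182f722ee30fca9419997_cryptolocker.exe"

# Constructed event trace (not sandbox output). PIDs, image paths and the four
# WriteProcessMemory hits follow the report; the sample's parent PID (1900),
# the file-write event that creates misid.exe and the benign cmd.exe launch are
# assumptions added for illustration.
EVENTS = [
    {"kind": "process_create", "pid": 2500, "ppid": 1900, "image": f"{TEMP}\\{SAMPLE}"},
    {"kind": "file_write", "pid": 2500, "path": f"{TEMP}\\misid.exe"},
    # Casing differs from the file_write on purpose (NTFS is case-insensitive).
    {"kind": "process_create", "pid": 2920, "ppid": 2500, "image": f"{TEMP}\\MISID.EXE"},
    {"kind": "write_process_memory", "pid": 2500, "target_pid": 2920},
    {"kind": "write_process_memory", "pid": 2500, "target_pid": 2920},
    {"kind": "write_process_memory", "pid": 2500, "target_pid": 2920},
    {"kind": "write_process_memory", "pid": 2500, "target_pid": 2920},
    {"kind": "process_create", "pid": 3100, "ppid": 2500, "image": r"C:\Windows\System32\cmd.exe"},
]


def basename(path):
    return path.rsplit("\\", 1)[-1]


def process_map(events):
    """pid -> process_create event, for resolving names and parents."""
    return {ev["pid"]: ev for ev in events if ev["kind"] == "process_create"}


def executes_dropped_exe(events):
    """'Executes dropped EXE': a process whose image was written to disk earlier
    in the same trace by a monitored process. Paths are compared case-insensitively
    so a payload started with different casing than it was written is still caught.
    Returns (pid, process, dropper_pid) rows."""
    dropped = {}  # normalised path -> pid of the first writer
    rows = []
    for ev in events:
        if ev["kind"] == "file_write":
            dropped.setdefault(ev["path"].lower(), ev["pid"])
        elif ev["kind"] == "process_create":
            writer = dropped.get(ev["image"].lower())
            if writer is not None:
                rows.append((ev["pid"], basename(ev["image"]), writer))
    return rows


def write_process_memory_iocs(events):
    """'Suspicious use of WriteProcessMemory': one row per cross-process write in
    the report's own wording, plus whether the target is a child the writer itself
    created. CreateProcess writes into a freshly created child while setting it up,
    so a parent -> own-child write on its own is weak evidence; a write into an
    unrelated process (classic injection) is the stronger signal."""
    procs = process_map(events)
    rows = []
    for ev in events:
        if ev["kind"] != "write_process_memory":
            continue
        src, dst = ev["pid"], ev["target_pid"]
        rows.append({
            "description": f"PID {src} wrote to memory of {dst}",
            "pid": src,
            "process": basename(procs[src]["image"]),
            "target_pid": dst,
            "target_is_own_child": procs.get(dst, {}).get("ppid") == src,
        })
    return rows


def process_tree(events):
    """Render the trace as the report's indented process tree: one line per
    process, children under their parent, each tagged with the signatures above."""
    procs = process_map(events)
    children = defaultdict(list)
    for ev in procs.values():
        children[ev["ppid"]].append(ev["pid"])
    tags = defaultdict(set)
    for pid, _, _ in executes_dropped_exe(events):
        tags[pid].add("Executes dropped EXE")
    for row in write_process_memory_iocs(events):
        tags[row["pid"]].add("Suspicious use of WriteProcessMemory")
    roots = [pid for pid, ev in procs.items() if ev["ppid"] not in procs]
    lines = []

    def walk(pid, depth):
        ev = procs[pid]
        suffix = f" [{', '.join(sorted(tags[pid]))}]" if tags[pid] else ""
        lines.append(f"{'  ' * depth}{basename(ev['image'])} (PID {pid}){suffix}")
        for child in children[pid]:
            walk(child, depth + 1)

    for root in roots:
        walk(root, 0)
    return lines


if __name__ == "__main__":
    print("\n".join(process_tree(EVENTS)))
```

Running the block prints the three-line tree with the sample tagged for WriteProcessMemory, MISID.EXE tagged as a dropped EXE and cmd.exe untagged. All four memory writes in the report go from the sample into the child it had just spawned, which is what `target_is_own_child` flags; when triaging a report like this one, treat that as consistent with process creation and weigh the dropped-file YARA hits and the drop-then-execute chain more heavily than the write count itself.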
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 34KB
MD5: 80c3b8471b228d724e2497a7f59ae67a
SHA1: bbaa3b62a2e26a0389ca1eecb36f031638efc1c6
SHA256: 2cb6aadec7a1d9110dbd50e20740ca1619bbe474d05da7a2a3b9c3a41a47cc26
SHA512: d7b74257d94c86e990d1ccf68ce573ac88d5580d558f525874b880018f99c09dace9eda01599eb1f77245df6555706a924a1f03f555967bbce46be7eb45031d1