04bb3e3291c718cc2497fc20a548852d4c7e31f01e8dc2dd7fcf23f115a73dc9

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-03-2024 07:23

Target

2024-03-09_1b9a6fecd43cf7ebf5e11dad8f7fe90c_cryptolocker.exe
Size

38KB
MD5

1b9a6fecd43cf7ebf5e11dad8f7fe90c
SHA1

94afc232ff21c4ae2077dcef6b59e8a80a151212
SHA256

04bb3e3291c718cc2497fc20a548852d4c7e31f01e8dc2dd7fcf23f115a73dc9
SHA512

070e2ae1d2727d58fc0e22b1ba65e3a81d0f88c00966788fc32fd8cd2f351000d4f20f3555cce1b9017e8a7a9d2949ed054443cebfa9f5375207061c8516912a
SSDEEP

768:bIDOw9UiaCHfjnE0Sf88AvvP1oghYvm9/6DyE9x1:bIDOw9a0Dwo3P1ojvUSD79z

Score

9^/10

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
behavioral1/files/0x000b000000013a06-10.dat	CryptoLocker_rule2

Executes dropped EXE 1 IoCs

pid	Process
2068	lossy.exe

Loads dropped DLL 1 IoCs

pid	Process
2160	2024-03-09_1b9a6fecd43cf7ebf5e11dad8f7fe90c_cryptolocker.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2068	2160	2024-03-09_1b9a6fecd43cf7ebf5e11dad8f7fe90c_cryptolocker.exe	28
PID 2160 wrote to memory of 2068	2160	2024-03-09_1b9a6fecd43cf7ebf5e11dad8f7fe90c_cryptolocker.exe	28
PID 2160 wrote to memory of 2068	2160	2024-03-09_1b9a6fecd43cf7ebf5e11dad8f7fe90c_cryptolocker.exe	28
PID 2160 wrote to memory of 2068	2160	2024-03-09_1b9a6fecd43cf7ebf5e11dad8f7fe90c_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-03-09_1b9a6fecd43cf7ebf5e11dad8f7fe90c_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-09_1b9a6fecd43cf7ebf5e11dad8f7fe90c_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Users\Admin\AppData\Local\Temp\lossy.exe
  "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
  2⤵
  - Executes dropped EXE
  PID:2068

\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
38KB

MD5
d01e7edc717a9cfb11c3222baa8d5ba9

SHA1
13f5048fa0318251ec471fd9c98e50269321b7e3

SHA256
c2a92bcde11a2740851e840e87eea48e42125640e4fb92ca40056832de001b9d

SHA512
f6f54cc81b41cb9f862e1c1e7b6b2cd45a649b309e75121d1bc94ca3d5801b2656f3a28cfe25f4ba82a9dc0680856491da15132a7363de73a3fd58ff7cf975ad

Download Submit
memory/2068-15-0x00000000002A0000-0x00000000002A6000-memory.dmp

Filesize
24KB

Download
memory/2068-16-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2160-0-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download
memory/2160-1-0x00000000004A0000-0x00000000004A6000-memory.dmp

Filesize
24KB

Download
memory/2160-3-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download