fd27e3d3a13d766d722c5f6ef1e3db0945b12f00207890bb65e1ce7d7e0a35cb

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-03-09_5e7be9acce715f6d462185933bc1e4f6_cryptolocker.exe
Size

54KB
MD5

5e7be9acce715f6d462185933bc1e4f6
SHA1

d3e3bc2a7691a9f5b5a5dbdda4a4c1d917812409
SHA256

fd27e3d3a13d766d722c5f6ef1e3db0945b12f00207890bb65e1ce7d7e0a35cb
SHA512

1bcc859c5073876728b028aa850f137a42807bc0a22f7500d29d6bf552c1bd2c0fdc3cbffde6b5d3be37cce0d66547e0a213d93b8cb633233de4aac9d72dea3d
SSDEEP

768:79inqyNR/QtOOtEvwDpjBK/iVTab3GRuv3VylSV/CCjgB:79mqyNhQMOtEvwDpjBPY7xv3g8OB

Score

9^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 4 IoCs

resource	yara_rule
behavioral1/memory/2204-0-0x0000000000500000-0x000000000050F000-memory.dmp	CryptoLocker_rule2
behavioral1/files/0x000b000000012257-11.dat	CryptoLocker_rule2
behavioral1/memory/2204-15-0x0000000000500000-0x000000000050F000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/1984-16-0x0000000000500000-0x000000000050F000-memory.dmp	CryptoLocker_rule2

Detection of Cryptolocker Samples 4 IoCs

resource	yara_rule
behavioral1/memory/2204-0-0x0000000000500000-0x000000000050F000-memory.dmp	CryptoLocker_set1
behavioral1/files/0x000b000000012257-11.dat	CryptoLocker_set1
behavioral1/memory/2204-15-0x0000000000500000-0x000000000050F000-memory.dmp	CryptoLocker_set1
behavioral1/memory/1984-16-0x0000000000500000-0x000000000050F000-memory.dmp	CryptoLocker_set1

Executes dropped EXE 1 IoCs

pid	Process
1984	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2204	2024-03-09_5e7be9acce715f6d462185933bc1e4f6_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 1984	2204	2024-03-09_5e7be9acce715f6d462185933bc1e4f6_cryptolocker.exe	28
PID 2204 wrote to memory of 1984	2204	2024-03-09_5e7be9acce715f6d462185933bc1e4f6_cryptolocker.exe	28
PID 2204 wrote to memory of 1984	2204	2024-03-09_5e7be9acce715f6d462185933bc1e4f6_cryptolocker.exe	28
PID 2204 wrote to memory of 1984	2204	2024-03-09_5e7be9acce715f6d462185933bc1e4f6_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-03-09_5e7be9acce715f6d462185933bc1e4f6_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-09_5e7be9acce715f6d462185933bc1e4f6_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:1984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
55KB

MD5
9acf851064741df6094966befe567d25

SHA1
1a21f195b0ecc02d16ad462731bc8e91842f0758

SHA256
24844386bea9cbc96cd40e79f5d03f014c6779b3f6007d7a28e929626fcb9dc3

SHA512
10dd96b08b677bf6130bf941bd28f795d528c3b62343f29979547af67fcc2ff04fcd75c2493ffa3b914d09860c1edd85dc0cc14eab7295925436095d58d168c4

Download Submit
memory/1984-16-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/1984-18-0x0000000000460000-0x0000000000466000-memory.dmp

Filesize
24KB

Download
memory/1984-20-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download
memory/2204-0-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2204-1-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2204-3-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2204-2-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2204-15-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download