19b5172dbc97707f1a080907d27b5c4c464c6ff32debec547f36807a380cb0da

Analysis

max time kernel
133s
max time network
141s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/03/2024, 13:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-03-25_dd7bb3d21f05be6c36226a49b2e7b2aa_cryptolocker.exe
Size

50KB
MD5

dd7bb3d21f05be6c36226a49b2e7b2aa
SHA1

2c69ae91a048dae763b96baae0cc7cc8725bb7a0
SHA256

19b5172dbc97707f1a080907d27b5c4c464c6ff32debec547f36807a380cb0da
SHA512

199d80ffd97efd67166e01288e76175bd898728b4482f9bcc372c15f42d2ed814f6e02178c1c45e20ad5278075c5f4db4e7433f75c9f84c50a6a79d1a03880f7
SSDEEP

768:79inqyNR/QtOOtEvwDpjBK/rJ+Nw8qn8pKIRF:79mqyNhQMOtEvwDpjBxe8TpXRF

Score

9^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 4 IoCs

resource	yara_rule
behavioral1/memory/2268-0-0x0000000000500000-0x000000000050F000-memory.dmp	CryptoLocker_rule2
behavioral1/files/0x000d0000000122a8-11.dat	CryptoLocker_rule2
behavioral1/memory/2268-15-0x0000000000500000-0x000000000050F000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/1736-17-0x0000000000500000-0x000000000050F000-memory.dmp	CryptoLocker_rule2

Detection of Cryptolocker Samples 4 IoCs

resource	yara_rule
behavioral1/memory/2268-0-0x0000000000500000-0x000000000050F000-memory.dmp	CryptoLocker_set1
behavioral1/files/0x000d0000000122a8-11.dat	CryptoLocker_set1
behavioral1/memory/2268-15-0x0000000000500000-0x000000000050F000-memory.dmp	CryptoLocker_set1
behavioral1/memory/1736-17-0x0000000000500000-0x000000000050F000-memory.dmp	CryptoLocker_set1

Executes dropped EXE 1 IoCs

pid	Process
1736	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2268	2024-03-25_dd7bb3d21f05be6c36226a49b2e7b2aa_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 1736	2268	2024-03-25_dd7bb3d21f05be6c36226a49b2e7b2aa_cryptolocker.exe	28
PID 2268 wrote to memory of 1736	2268	2024-03-25_dd7bb3d21f05be6c36226a49b2e7b2aa_cryptolocker.exe	28
PID 2268 wrote to memory of 1736	2268	2024-03-25_dd7bb3d21f05be6c36226a49b2e7b2aa_cryptolocker.exe	28
PID 2268 wrote to memory of 1736	2268	2024-03-25_dd7bb3d21f05be6c36226a49b2e7b2aa_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-03-25_dd7bb3d21f05be6c36226a49b2e7b2aa_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-25_dd7bb3d21f05be6c36226a49b2e7b2aa_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
50KB

MD5
636a346649e224ea0bc80b680a21f502

SHA1
1b9335493f787c54ab889cafe52e001d52109887

SHA256
e158e0d9b59e61295fd07f897dccb9b01dc8914e438044e23d838ea754e127a2

SHA512
9f948b3b64cfcdba358b92ca1cb3b627397aad0295e9f88f5e98ab10374169a3ddfcc8eefe3ce7fb8370c2694ea0598795d9760062634e8610f3371f2cfd91ca

Download Submit
memory/1736-17-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/1736-18-0x0000000000460000-0x0000000000466000-memory.dmp

Filesize
24KB

Download
memory/1736-25-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download
memory/2268-0-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2268-1-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2268-2-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2268-3-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2268-15-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download