f17bf630155938324e52844f34e430d3fff628adcc420a285e8c676af84173f8

Analysis

max time kernel
148s
max time network
148s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28-03-2024 04:01

Target

2024-03-28_ac9a965ca95d110ea208599159c8001f_cryptolocker.exe
Size

39KB
MD5

ac9a965ca95d110ea208599159c8001f
SHA1

5f05f6352d6b06148207d8925b07c31a5824239a
SHA256

f17bf630155938324e52844f34e430d3fff628adcc420a285e8c676af84173f8
SHA512

c533b2da108d97128340450d6214fe67d3564e13d9b7f6af3bca588b9af47af3077f664ba6b3f2fd908a1f5e60253f2b0ca20c7eee4e0f5fbde1a9edc5918c9c
SSDEEP

768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpj/MLam5axRV2:V6QFElP6n+gMQMOtEvwDpjyaYaI

Score

9^/10

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
behavioral1/files/0x000c000000012253-10.dat	CryptoLocker_rule2

Detection of Cryptolocker Samples 1 IoCs

resource	yara_rule
behavioral1/files/0x000c000000012253-10.dat	CryptoLocker_set1

Executes dropped EXE 1 IoCs

pid	Process
2556	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2252	2024-03-28_ac9a965ca95d110ea208599159c8001f_cryptolocker.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2556	2252	2024-03-28_ac9a965ca95d110ea208599159c8001f_cryptolocker.exe	28
PID 2252 wrote to memory of 2556	2252	2024-03-28_ac9a965ca95d110ea208599159c8001f_cryptolocker.exe	28
PID 2252 wrote to memory of 2556	2252	2024-03-28_ac9a965ca95d110ea208599159c8001f_cryptolocker.exe	28
PID 2252 wrote to memory of 2556	2252	2024-03-28_ac9a965ca95d110ea208599159c8001f_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-03-28_ac9a965ca95d110ea208599159c8001f_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-28_ac9a965ca95d110ea208599159c8001f_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2556

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
40KB

MD5
49c75bbc1e0724713a1b51577a245817

SHA1
ee937d96c380e6e91a8491c6fc126caf5eddaca2

SHA256
645c378c3e16bfefc1d4010098ffba0dd2de02346afd91be6574df5f9f2d0fc8

SHA512
86059cf7a783a12aefd5ceb665ac6a9f4e20f3d1fd577f88c5541411aeb79dcc75d9bd48b7b185976058d545bb4c0d167a400a3cddc8d3316eb45f8efa084892

Download Submit
memory/2252-0-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2252-1-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/2252-2-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2556-15-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/2556-17-0x0000000000440000-0x0000000000446000-memory.dmp

Filesize
24KB

Download