25cbfce377792b02ffb0dd13b2a9538eccccb5a72cdba7b02071533ca0d9112a

Analysis

max time kernel
133s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/03/2024, 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-03-28_5baba1de26affa299ceea84f9048d0f4_cryptolocker.exe
Size

44KB
MD5

5baba1de26affa299ceea84f9048d0f4
SHA1

0e0fe802170684cf7ec62fbb5d44059b87db6711
SHA256

25cbfce377792b02ffb0dd13b2a9538eccccb5a72cdba7b02071533ca0d9112a
SHA512

2db91d256f8d4f383a422958447b28e87d85dd93cca0a06fb08ff15e74ee0502dd0fc6ab2e06fe857d9eb897004ab464ac2acde20f7b116fdaa39e4bbfbdf24f
SSDEEP

768:P6LsoEEeegiZPvEhHS5+Mh/QtOOtEvwDpjBpaD3TUogs/VXpAPoT:P6QFElP6k+MRQMOtEvwDpjBQpVXzT

Score

9^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 6 IoCs

resource	yara_rule
behavioral1/memory/1640-0-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2
behavioral1/files/0x000900000001223d-11.dat	CryptoLocker_rule2
behavioral1/memory/1640-15-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/2040-17-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/1640-12-0x0000000000640000-0x000000000064B000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/2040-27-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2

Detection of Cryptolocker Samples 6 IoCs

resource	yara_rule
behavioral1/memory/1640-0-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1
behavioral1/files/0x000900000001223d-11.dat	CryptoLocker_set1
behavioral1/memory/1640-15-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1
behavioral1/memory/2040-17-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1
behavioral1/memory/1640-12-0x0000000000640000-0x000000000064B000-memory.dmp	CryptoLocker_set1
behavioral1/memory/2040-27-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1

Executes dropped EXE 1 IoCs

pid	Process
2040	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1640	2024-03-28_5baba1de26affa299ceea84f9048d0f4_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 2040	1640	2024-03-28_5baba1de26affa299ceea84f9048d0f4_cryptolocker.exe	28
PID 1640 wrote to memory of 2040	1640	2024-03-28_5baba1de26affa299ceea84f9048d0f4_cryptolocker.exe	28
PID 1640 wrote to memory of 2040	1640	2024-03-28_5baba1de26affa299ceea84f9048d0f4_cryptolocker.exe	28
PID 1640 wrote to memory of 2040	1640	2024-03-28_5baba1de26affa299ceea84f9048d0f4_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-03-28_5baba1de26affa299ceea84f9048d0f4_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-28_5baba1de26affa299ceea84f9048d0f4_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
44KB

MD5
275337c4f573b21b3b2860a457a35c8f

SHA1
d099efb751b76a7d7d0a977fc33676b9ffe0fc07

SHA256
a9255dcebb9d0a1fdb3415d0fcf97709134f672fa70d456c0d8294ceee16ea8f

SHA512
fc316bc5cc7a4b5e5845af9e93e92aaa0dbf7e8fde79e06ab68474595a52d51acc7bedecb40251d68c38683c4b492ffb9053a5765a9ae2a3760633b623f36116

Download Submit
memory/1640-0-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/1640-1-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1640-2-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/1640-8-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1640-15-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/1640-12-0x0000000000640000-0x000000000064B000-memory.dmp

Filesize
44KB

Download
memory/2040-17-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/2040-20-0x0000000000350000-0x0000000000356000-memory.dmp

Filesize
24KB

Download
memory/2040-19-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/2040-27-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download