Analysis
max time kernel: 149s
max time network: 152s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 29/03/2024, 03:00
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-29_6ba8e7870941355f5bdf917f6e20a97b_cryptolocker.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-03-29_6ba8e7870941355f5bdf917f6e20a97b_cryptolocker.exe
  Resource: win10v2004-20240226-en
General
Target: 2024-03-29_6ba8e7870941355f5bdf917f6e20a97b_cryptolocker.exe
Size: 162KB
MD5: 6ba8e7870941355f5bdf917f6e20a97b
SHA1: 1936a986abf35ae0149ccd2614a71bfb3e7db54a
SHA256: cbf1de2898f5c3ff7a19a2f98f6e9ad63107b081f9cfe649529d3fdc3e26787f
SHA512: 2a844c055e2327f6251c89e5b81b9bed20c79bf9b393145c518cf26f87846b42b33b9f7a88a5cfc8bcab49ba4e6f91c853ecb93f83791f2d4b45d35924348571
SSDEEP: 1536:u6QFElP6n+gWMOtEvwDpjJGYQbN/PKwNgp699GNtL1emmbb:u6a++OtEvwDpj6zL
Malware Config
Signatures
- Detection of CryptoLocker Variants (1 IoC)
  resource: behavioral1/files/0x000700000001227e-10.dat, yara_rule: CryptoLocker_rule2
- Detection of Cryptolocker Samples (1 IoC)
  resource: behavioral1/files/0x000700000001227e-10.dat, yara_rule: CryptoLocker_set1
- Executes dropped EXE (1 IoC)
  pid: 1932, Process: asih.exe
- Loads dropped DLL (1 IoC)
  pid: 2180, Process: 2024-03-29_6ba8e7870941355f5bdf917f6e20a97b_cryptolocker.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                         pid   Process                                                        procid_target
  PID 2180 wrote to memory of 1932    2180  2024-03-29_6ba8e7870941355f5bdf917f6e20a97b_cryptolocker.exe  28
  PID 2180 wrote to memory of 1932    2180  2024-03-29_6ba8e7870941355f5bdf917f6e20a97b_cryptolocker.exe  28
  PID 2180 wrote to memory of 1932    2180  2024-03-29_6ba8e7870941355f5bdf917f6e20a97b_cryptolocker.exe  28
  PID 2180 wrote to memory of 1932    2180  2024-03-29_6ba8e7870941355f5bdf917f6e20a97b_cryptolocker.exe  28
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-03-29_6ba8e7870941355f5bdf917f6e20a97b_cryptolocker.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\2024-03-29_6ba8e7870941355f5bdf917f6e20a97b_cryptolocker.exe"
  PID: 2180
  signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\asih.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
    PID: 1932
    signatures: Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 162KB
  MD5: 0263eca80bc704c506e4dfe341461b37
  SHA1: d1258bc66d1bdba28ef8103bc28e52ddfee6115b
  SHA256: 01ce6ee065ab023a1a9b6bf050298fd2636cfe964b1e168b3c41e9189d23c39f
  SHA512: 48d4faa349d60f95cc8bd55bece482d5edeb72edc96b5fb987cc258586d2248405a3d25ebe8e1fadccfa85a63f06a61bd18ee7dc8e7ce537414b6d0998f8fa1c