2c512e9473427d26988cf4e6eb3efd8b67d1380ed3a9b4b93ae6d0ab4360457a

Analysis

max time kernel
148s
max time network
152s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/04/2024, 09:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-05_0f6ac0ab3c85c5c895eb408e1c1aee5c_cryptolocker.exe
Size

44KB
MD5

0f6ac0ab3c85c5c895eb408e1c1aee5c
SHA1

a33d4f94005b9c73d39230190b6184e3392731bc
SHA256

2c512e9473427d26988cf4e6eb3efd8b67d1380ed3a9b4b93ae6d0ab4360457a
SHA512

7da1db972e7077bdba6db4afdd433dc5340b8e2bddad4c4854141febfd25e31f8710c347ed9a5e5969e3b3f820e6a41c9a782d09c9e43838dc4f7fcbe64e062c
SSDEEP

768:P6LsoEEeegiZPvEhHS5+Mh/QtOOtEvwDpjBpaD3TUogs/VXpAPoy:P6QFElP6k+MRQMOtEvwDpjBQpVXzy

Score

9^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 6 IoCs

resource	yara_rule
behavioral1/memory/2236-0-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/2236-15-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/2236-13-0x0000000001D00000-0x0000000001D0B000-memory.dmp	CryptoLocker_rule2
behavioral1/files/0x0009000000012259-16.dat	CryptoLocker_rule2
behavioral1/memory/2132-17-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/2132-28-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2

Detection of Cryptolocker Samples 6 IoCs

resource	yara_rule
behavioral1/memory/2236-0-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1
behavioral1/memory/2236-15-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1
behavioral1/memory/2236-13-0x0000000001D00000-0x0000000001D0B000-memory.dmp	CryptoLocker_set1
behavioral1/files/0x0009000000012259-16.dat	CryptoLocker_set1
behavioral1/memory/2132-17-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1
behavioral1/memory/2132-28-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1

Executes dropped EXE 1 IoCs

pid	Process
2132	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2236	2024-04-05_0f6ac0ab3c85c5c895eb408e1c1aee5c_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2132	2236	2024-04-05_0f6ac0ab3c85c5c895eb408e1c1aee5c_cryptolocker.exe	28
PID 2236 wrote to memory of 2132	2236	2024-04-05_0f6ac0ab3c85c5c895eb408e1c1aee5c_cryptolocker.exe	28
PID 2236 wrote to memory of 2132	2236	2024-04-05_0f6ac0ab3c85c5c895eb408e1c1aee5c_cryptolocker.exe	28
PID 2236 wrote to memory of 2132	2236	2024-04-05_0f6ac0ab3c85c5c895eb408e1c1aee5c_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-04-05_0f6ac0ab3c85c5c895eb408e1c1aee5c_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-05_0f6ac0ab3c85c5c895eb408e1c1aee5c_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
44KB

MD5
71b516df093d36fadefb1c2cfa571fb6

SHA1
c082fdd67e682f2b9f061cb97070e7806a06d144

SHA256
0720a1a6ee9c33657bca35384d2922c3f53166d0933d8b5c8554ddeaa5f15313

SHA512
a982dc5cf1762f1cf50d08b311c4ad85ab45476c59b07648e63ed1e680ff24e4cb4951f596331170650ddb8b83a07c33b81f8f1b5c17d22fc641c3ac81d67f4a

Download Submit
memory/2132-17-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/2132-19-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download
memory/2132-23-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download
memory/2132-28-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/2236-1-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2236-0-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/2236-2-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/2236-3-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2236-15-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/2236-13-0x0000000001D00000-0x0000000001D0B000-memory.dmp

Filesize
44KB

Download
memory/2236-27-0x0000000001D00000-0x0000000001D0B000-memory.dmp

Filesize
44KB

Download