Analysis
-
max time kernel
148s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system -
submitted
15/04/2024, 05:57
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-15_665255e762a067294187b710d597b02d_cryptolocker.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
2024-04-15_665255e762a067294187b710d597b02d_cryptolocker.exe
Resource
win10v2004-20240412-en
General
-
Target
2024-04-15_665255e762a067294187b710d597b02d_cryptolocker.exe
-
Size
45KB
-
MD5
665255e762a067294187b710d597b02d
-
SHA1
7d6672e70566e35cfea51dabe8fb8aa9c2d2f2d0
-
SHA256
bfe30715ca067dab1ae2337ea6be50fbc7b634018a5711694e2c949221578c6b
-
SHA512
cfd2261259f524d829344d001ea42d0b8965f90f1f0426a566dd1a365ae4a6ae7a3f8cc378d183ac2ff56358d138d9988a69b05b6cadb798674c36c460fb41a0
-
SSDEEP
768:P6LsoEEeegiZPvEhHS5+Mh/QtOOtEvwDpjBpaD3TUogs/VXpAPo/:P6QFElP6k+MRQMOtEvwDpjBQpVXz/
Malware Config
Signatures
-
Detection of CryptoLocker Variants 5 IoCs
resource yara_rule behavioral1/memory/2228-0-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_rule2 behavioral1/files/0x000c000000012306-11.dat CryptoLocker_rule2 behavioral1/memory/2228-15-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_rule2 behavioral1/memory/2216-16-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_rule2 behavioral1/memory/2216-26-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_rule2 -
Detection of Cryptolocker Samples 5 IoCs
resource yara_rule behavioral1/memory/2228-0-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_set1 behavioral1/files/0x000c000000012306-11.dat CryptoLocker_set1 behavioral1/memory/2228-15-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_set1 behavioral1/memory/2216-16-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_set1 behavioral1/memory/2216-26-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_set1 -
Executes dropped EXE 1 IoCs
pid Process 2216 asih.exe -
Loads dropped DLL 1 IoCs
pid Process 2228 2024-04-15_665255e762a067294187b710d597b02d_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2228 wrote to memory of 2216 2228 2024-04-15_665255e762a067294187b710d597b02d_cryptolocker.exe 28 PID 2228 wrote to memory of 2216 2228 2024-04-15_665255e762a067294187b710d597b02d_cryptolocker.exe 28 PID 2228 wrote to memory of 2216 2228 2024-04-15_665255e762a067294187b710d597b02d_cryptolocker.exe 28 PID 2228 wrote to memory of 2216 2228 2024-04-15_665255e762a067294187b710d597b02d_cryptolocker.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-15_665255e762a067294187b710d597b02d_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-15_665255e762a067294187b710d597b02d_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2228 -
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
PID:2216
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
45KB
MD5d93da2175dd616f0b6a4b6a90532dd82
SHA16da084d474ef23b95402a9e5088f41d9385518ab
SHA256a78c95faf624503c8b514a8089b0e44840775a200c3e5a46767710f581f73be9
SHA5121bb75c92464f1987bbe4dbd638d504bad6f8185e20738c0db06ce9ff2b3077a11b3f31508f72921187307540948d2fd919e4a657afd651e83d93d18a9d68caf0