2f02c5188c0af0310303a70721da161b028a71ef3af7a0f91f7a8f82b6e064a5

Analysis

max time kernel
148s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 06:02

Target

2024-04-15_752cf02503bf440a54cb584e4bf08433_cryptolocker.exe
Size

55KB
MD5

752cf02503bf440a54cb584e4bf08433
SHA1

631a3e27ea5c228b22a49e9a0b07de12a6d3577f
SHA256

2f02c5188c0af0310303a70721da161b028a71ef3af7a0f91f7a8f82b6e064a5
SHA512

fefbc3b2462f890359fceb37ed50de0fbea0309a145e4c23cbf9d2aa5a97cd4cea6780457b6d734cc62afc4b16601a6b00c8ffb2e0300c51337e507b94344c4b
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/BtOOtEvwDpjBVaD3E09vaTiSfQaV2LJk:X6QFElP6n+gJBMOtEvwDpjBtE1yILJk

Score

9^/10

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
behavioral1/files/0x000a0000000143fa-10.dat	CryptoLocker_rule2

Detection of Cryptolocker Samples 1 IoCs

resource	yara_rule
behavioral1/files/0x000a0000000143fa-10.dat	CryptoLocker_set1

Executes dropped EXE 1 IoCs

pid	Process
1984	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1980	2024-04-15_752cf02503bf440a54cb584e4bf08433_cryptolocker.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 1984	1980	2024-04-15_752cf02503bf440a54cb584e4bf08433_cryptolocker.exe	28
PID 1980 wrote to memory of 1984	1980	2024-04-15_752cf02503bf440a54cb584e4bf08433_cryptolocker.exe	28
PID 1980 wrote to memory of 1984	1980	2024-04-15_752cf02503bf440a54cb584e4bf08433_cryptolocker.exe	28
PID 1980 wrote to memory of 1984	1980	2024-04-15_752cf02503bf440a54cb584e4bf08433_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-04-15_752cf02503bf440a54cb584e4bf08433_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-15_752cf02503bf440a54cb584e4bf08433_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:1984

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
56KB

MD5
48cd5f557495ed73a9d572d4a35a9992

SHA1
b6a945757f2f2a956d980584a227306003da1d26

SHA256
ef26b43d672c41062225c23dda02be8c3d6b7b61932a4e3e632ee6f2c0127a73

SHA512
4a3f6af66f2663f1bd67fa2e3ef7848e07918716326dcdc203bc34959522805d4303206bf1413dfc4acaec422131ca34322e94d6c1213f178b5a3ba2b0f764c0

Download Submit
memory/1980-0-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1980-1-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/1980-2-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1984-15-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/1984-17-0x0000000000440000-0x0000000000446000-memory.dmp

Filesize
24KB

Download