Analysis

  • max time kernel: 180s
  • max time network: 188s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 19-04-2024 12:38

General

  • Target: 2024-04-19_699a61ce52dfd297f0d6de546e3a3d38_cryptolocker.exe
  • Size: 67KB
  • MD5: 699a61ce52dfd297f0d6de546e3a3d38
  • SHA1: 194a1cd9d4f485e0e431bd14fd131fa5f1f1abaf
  • SHA256: 071165a2122c9b03ee606c7e72dcb6e6f0632a1ff2a6fd6ed3493fd0ce7a85fc
  • SHA512: f16167522156fa28cde50ebefacfae110701987ba71f89fefa3da6cbfad82eeaa88c1b5b53d37462876e3b342d30ab7260f7e60838a23da33c9a5fd7eed13115
  • SSDEEP: 768:XS5nQJ24LR1bytOOtEvwDpjNbZ7uyA36S7MpxRXrZSUNsYD/6:i5nkFGMOtEvwDpjNbwQEI8UZDC

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants (5 IoCs)
  • Detection of Cryptolocker Samples (3 IoCs)
  • Detects executables built or packed with MPress PE compressor (5 IoCs)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Enumerates physical storage devices (1 TTP): attempts to interact with connected storage/optical drive(s).
  • Suspicious use of WriteProcessMemory (4 IoCs)
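The MPRESS signature above is a static check on the PE section table: the MPRESS compressor names its output sections ".MPRESS1" and ".MPRESS2". The following is an added example that reproduces that check with only the Python standard library; it is not the sandbox's own signature logic. The PE header produced by build_pe() is constructed for testing and is not the analysed sample.

```python
"""Flag PE files whose section table carries the MPRESS packer's section names.

Added example; not part of the sandbox report or any vendor's signature.
It walks the PE section table with only the standard library and looks for
the ".MPRESS1"/".MPRESS2" names the MPRESS compressor emits. The PE header
built by build_pe() is constructed for testing, not the analysed sample.
"""
import struct

MPRESS_SECTION_NAMES = {b".MPRESS1", b".MPRESS2"}

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, in section-table order.

    Raises ValueError on anything that is not a well-formed PE header.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header (20 bytes): Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, nsections, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size   # section table follows the optional header
    if table + 40 * nsections > len(data):
        raise ValueError("truncated section table")
    # IMAGE_SECTION_HEADER is 40 bytes; the first 8 are the NUL-padded name
    return [data[table + 40 * i: table + 40 * i + 8].rstrip(b"\0")
            for i in range(nsections)]


def is_mpress_packed(data: bytes) -> bool:
    """True if any section is named like an MPRESS output section."""
    return any(name in MPRESS_SECTION_NAMES for name in pe_section_names(data))


def build_pe(section_names, machine=IMAGE_FILE_MACHINE_I386) -> bytes:
    """Construct a minimal PE header (not loadable) with the given sections, for testing."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew: PE header right after the DOS header
    opt_size = 240 if machine == IMAGE_FILE_MACHINE_AMD64 else 224   # PE32+ vs PE32
    coff = struct.pack("<HHIIIHH", machine, len(section_names), 0, 0, 0, opt_size, 0x0102)
    sections = b"".join(struct.pack("<8s32x", name) for name in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + sections


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            blob = fh.read()
        try:
            print(path, pe_section_names(blob), "MPRESS" if is_mpress_packed(blob) else "-")
        except ValueError as exc:
            print(path, "not PE:", exc)
```

Section names are trivial for a packer's author to rename, so a name match is a cheap first-pass indicator rather than proof of MPRESS; a negative result says nothing about other packers.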

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-19_699a61ce52dfd297f0d6de546e3a3d38_cryptolocker.exe (PID 2104, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\2024-04-19_699a61ce52dfd297f0d6de546e3a3d38_cryptolocker.exe"
    Signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\misid.exe (PID 2708, depth 2, child of PID 2104)
      Command line: "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      Signatures: Executes dropped EXE
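The "Executes dropped EXE" and "Loads dropped DLL" signatures are correlations, not single events: a path that a monitored process wrote to disk is later started as a process or loaded as a module. The following is an added example of that correlation, not the sandbox's own implementation. The event list is constructed from the report's process tree (PIDs 2104 and 2708, misid.exe in %TEMP%); the event schema, the example.dll name and the cmd.exe negative case are assumptions for illustration.

```python
"""Correlate file writes with later process creations / image loads.

Added example; not the sandbox's own signature logic. It reproduces the idea
behind "Executes dropped EXE" and "Loads dropped DLL": a module that a
monitored process wrote to disk is then executed or loaded. The event list
is constructed from the report's process tree (PIDs 2104 and 2708,
misid.exe in %TEMP%); the schema, example.dll and the cmd.exe event are
assumptions, not data from the report.
"""
from dataclasses import dataclass
from typing import List, Optional

TEMP = r"C:\Users\Admin\AppData\Local\Temp"


@dataclass(frozen=True)
class Event:
    ts: float                        # seconds since analysis start (constructed)
    kind: str                        # "file_write" | "process_create" | "image_load"
    pid: int                         # acting process
    path: str                        # file written, image started, or DLL loaded
    child_pid: Optional[int] = None  # new process id, for process_create only


@dataclass(frozen=True)
class Finding:
    signature: str                   # "Executes dropped EXE" or "Loads dropped DLL"
    pid: int                         # process that executed or loaded the dropped file
    child_pid: Optional[int]
    path: str
    dropped_by: int                  # process that wrote the file
    self_dropped: bool               # writer and executor are the same process


def find_dropped_executions(events: List[Event]) -> List[Finding]:
    """Flag each process_create/image_load whose path was written earlier by a monitored process."""
    dropped = {}                     # normalised path -> writer pid
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):   # the write must precede the use
        key = ev.path.lower()        # NTFS paths are case-insensitive
        if ev.kind == "file_write":
            dropped[key] = ev.pid
        elif ev.kind == "process_create" and key in dropped:
            findings.append(Finding("Executes dropped EXE", ev.pid, ev.child_pid,
                                    ev.path, dropped[key], dropped[key] == ev.pid))
        elif ev.kind == "image_load" and key in dropped:
            findings.append(Finding("Loads dropped DLL", ev.pid, None,
                                    ev.path, dropped[key], dropped[key] == ev.pid))
    return findings


# Constructed events modelled on the report's process tree.
EVENTS = [
    Event(0.0, "process_create", 0,
          TEMP + r"\2024-04-19_699a61ce52dfd297f0d6de546e3a3d38_cryptolocker.exe", 2104),
    Event(0.4, "file_write", 2104, TEMP + r"\example.dll"),            # assumed DLL name
    Event(0.5, "image_load", 2104, TEMP + r"\example.dll"),
    Event(1.0, "file_write", 2104, TEMP + r"\misid.exe"),
    Event(1.2, "process_create", 2104, TEMP + r"\MISID.EXE", 2708),    # case differs on purpose
    Event(1.5, "process_create", 2708, r"C:\Windows\System32\cmd.exe", 2900),  # constructed benign case
]


def report(events: List[Event] = EVENTS) -> List[str]:
    return [f"{f.signature}: pid {f.pid} -> {f.path} (dropped by pid {f.dropped_by})"
            for f in find_dropped_executions(events)]


if __name__ == "__main__":
    print("\n".join(report()))
```

Ordering by timestamp is what makes the rule meaningful: a process start recorded before the matching write is not a dropped execution, and the same path written again later by another process changes who gets credited as the dropper.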

Network

  • DNS lookup by misid.exe via resolver 8.8.8.8:53 (US)
    Request:  bestccc.com IN A
    Response: bestccc.com IN A 103.14.121.240

  • Flows (remote address | domain | protocol | process | bytes sent | bytes received | packets sent | packets received)

    8.8.8.8:53           bestccc.com   dns   misid.exe    57 B   73 B   1   1
    103.14.121.240:443   bestccc.com   -     misid.exe   152 B   -      3   -
    103.14.121.240:443   bestccc.com   -     misid.exe   152 B   -      3   -
    103.14.121.240:443   bestccc.com   -     misid.exe   152 B   -      3   -
    103.14.121.240:443   bestccc.com   -     misid.exe   152 B   -      3   -
    103.14.121.240:443   bestccc.com   -     misid.exe   152 B   -      3   -
    103.14.121.240:443   bestccc.com   -     misid.exe   152 B   -      3   -
    103.14.121.240:443   bestccc.com   -     misid.exe   152 B   -      3   -
    103.14.121.240:443   -             -     misid.exe   (no counters recorded)

    Only the DNS exchange shows traffic in both directions; every 443 flow to 103.14.121.240 records bytes and packets sent by misid.exe but none received.

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\AppData\Local\Temp\misid.exe
    Filesize: 67KB
    MD5: aba3634f5a1f266cd2741ad4ab174cf4
    SHA1: 15a8bef2bc6f4f9d90c7e9d86e7cc8256c988b4b
    SHA256: 16490404c2055293573edae2fddbb1659dfccbef8b33c692b617409aed385aba
    SHA512: 0a60346019e70ab5290ccc6ecacc5b81821ee60f25dd6d1f03d898469b7f17a45d55e2f7bbb65e7d59aab80cb8c17631352d2f3c07cf87177903fc791a2e921b

  • memory/2104-0-0x0000000000500000-0x000000000050F000-memory.dmp (Filesize: 60KB)
  • memory/2104-1-0x0000000000240000-0x0000000000246000-memory.dmp (Filesize: 24KB)
  • memory/2104-2-0x0000000000370000-0x0000000000376000-memory.dmp (Filesize: 24KB)
  • memory/2104-9-0x0000000000240000-0x0000000000246000-memory.dmp (Filesize: 24KB)
  • memory/2104-15-0x0000000000500000-0x000000000050F000-memory.dmp (Filesize: 60KB)
  • memory/2708-16-0x0000000000500000-0x000000000050F000-memory.dmp (Filesize: 60KB)
  • memory/2708-18-0x0000000001C90000-0x0000000001C96000-memory.dmp (Filesize: 24KB)
  • memory/2708-25-0x00000000004E0000-0x00000000004E6000-memory.dmp (Filesize: 24KB)
  • memory/2708-26-0x0000000000500000-0x000000000050F000-memory.dmp (Filesize: 60KB)
