5d8dcc756315675d07527a19c1d428aa884bafcb3bf8c7142c82888c95f67f89

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/04/2024, 14:52

Target

2024-04-25_5991894238c8c3b36da2100a51b13433_cryptolocker.exe
Size

39KB
MD5

5991894238c8c3b36da2100a51b13433
SHA1

306fd8869847e47614fa186e5225fa9f176bdfac
SHA256

5d8dcc756315675d07527a19c1d428aa884bafcb3bf8c7142c82888c95f67f89
SHA512

9dc1b4e3429c901a56d1e750d2196104955d1eda3d4761c4167d132d70ebe4359685ac3177670302a0321c33967d71eaa5e3722dbfe844394953334658a4b1f0
SSDEEP

768:bA74zYcgT/Ekd0ryfjPIunqpeNswmxT4Hmi:bA6YcA/X6G0W1BGi

Score

9^/10

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
behavioral1/files/0x000c00000001224f-10.dat	CryptoLocker_rule2

Executes dropped EXE 1 IoCs

pid	Process
2292	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
2004	2024-04-25_5991894238c8c3b36da2100a51b13433_cryptolocker.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2292	2004	2024-04-25_5991894238c8c3b36da2100a51b13433_cryptolocker.exe	28
PID 2004 wrote to memory of 2292	2004	2024-04-25_5991894238c8c3b36da2100a51b13433_cryptolocker.exe	28
PID 2004 wrote to memory of 2292	2004	2024-04-25_5991894238c8c3b36da2100a51b13433_cryptolocker.exe	28
PID 2004 wrote to memory of 2292	2004	2024-04-25_5991894238c8c3b36da2100a51b13433_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-04-25_5991894238c8c3b36da2100a51b13433_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-25_5991894238c8c3b36da2100a51b13433_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:2292

\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
39KB

MD5
1f92619b3ab70b3c11f0ece4659ae456

SHA1
fdfe3293e4ddecb1725a6bd3862f3ac0e37225e7

SHA256
a027148d724972a6c622ea005729c587becf1eac17cc64542ce717df728d36a5

SHA512
cb865bef59b2b48993f4dd538880144bc4ab0e36508ae9902d6c6867c4e50280af03ee9a2a8096c835692edb1d523b325852001dbe223a35362a62cad58eb233

Download Submit
memory/2004-0-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/2004-1-0x00000000004A0000-0x00000000004A6000-memory.dmp

Filesize
24KB

Download
memory/2004-2-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/2292-15-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/2292-17-0x0000000000310000-0x0000000000316000-memory.dmp

Filesize
24KB

Download