28a989861b4fd110b9fe9dd78c00abfbcf4000655730f6910cd72c720db6f9d6

Analysis

max time kernel
148s
max time network
152s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-04-2024 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-25_5901e828156d4e1a2b31a5171c453589_cryptolocker.exe
Size

45KB
MD5

5901e828156d4e1a2b31a5171c453589
SHA1

a42acb15d56a0eafe3aa61614a62bf5cef90c1d1
SHA256

28a989861b4fd110b9fe9dd78c00abfbcf4000655730f6910cd72c720db6f9d6
SHA512

29994f516baccd2a1293ffd84558f24ea81238d284af0710f3a5f52da4462ecf9ea3c07f7dd329c1503e0c6101b1add544790f78514c31328d7893f0c07ac067
SSDEEP

768:P6LsoEEeegiZPvEhHS5+Mh/QtOOtEvwDpjBpaD3TUogs/VXpAPKT:P6QFElP6k+MRQMOtEvwDpjBQpVXfT

Score

9^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 6 IoCs

resource	yara_rule
behavioral1/memory/1196-0-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2
behavioral1/files/0x000b00000001224f-11.dat	CryptoLocker_rule2
behavioral1/memory/1196-15-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/1996-17-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/1196-13-0x0000000000420000-0x000000000042B000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/1996-27-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2

Detection of Cryptolocker Samples 6 IoCs

resource	yara_rule
behavioral1/memory/1196-0-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1
behavioral1/files/0x000b00000001224f-11.dat	CryptoLocker_set1
behavioral1/memory/1196-15-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1
behavioral1/memory/1996-17-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1
behavioral1/memory/1196-13-0x0000000000420000-0x000000000042B000-memory.dmp	CryptoLocker_set1
behavioral1/memory/1996-27-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1

Executes dropped EXE 1 IoCs

pid	Process
1996	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1196	2024-04-25_5901e828156d4e1a2b31a5171c453589_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 1996	1196	2024-04-25_5901e828156d4e1a2b31a5171c453589_cryptolocker.exe	28
PID 1196 wrote to memory of 1996	1196	2024-04-25_5901e828156d4e1a2b31a5171c453589_cryptolocker.exe	28
PID 1196 wrote to memory of 1996	1196	2024-04-25_5901e828156d4e1a2b31a5171c453589_cryptolocker.exe	28
PID 1196 wrote to memory of 1996	1196	2024-04-25_5901e828156d4e1a2b31a5171c453589_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-04-25_5901e828156d4e1a2b31a5171c453589_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-25_5901e828156d4e1a2b31a5171c453589_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:1996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
45KB

MD5
3f93e2ff7ca778003e5174826c07cf88

SHA1
5856679b2bca2510d3256a92c79f592f4fb16f24

SHA256
5e685c1c480b60133f48ee19000e04caeeba60f74944aa81b78958b3e45c52dd

SHA512
1c5d00c1b753b40c836711b2acea20179ed03d353ce338728e742974a2b771271a02d89504845d5c8fa1772442324c1d887e1c0fffa9135e47b13565e19a96bc

Download Submit
memory/1196-0-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/1196-1-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/1196-2-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/1196-9-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/1196-15-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/1196-13-0x0000000000420000-0x000000000042B000-memory.dmp

Filesize
44KB

Download
memory/1996-17-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/1996-19-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/1996-21-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1996-27-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download