6ea7f70ca22c44f5771eef4e0bcd9bd0ffb181de3b02a6f52674973df89e5e72

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-22_b380169897a5a15e0c9635f8bfb69ec6_cryptolocker.exe
Size

62KB
MD5

b380169897a5a15e0c9635f8bfb69ec6
SHA1

3e2a96d4638f0607646ca07192c71fe2c5ee8bed
SHA256

6ea7f70ca22c44f5771eef4e0bcd9bd0ffb181de3b02a6f52674973df89e5e72
SHA512

470b4c0eb92b87c17511c1904bd4d4c72883fe1018db39d52de7c2a19b1fc657c535e621981549ab1bc37f9087f56ef47c4832d8e389625a93084617fa453e2c
SSDEEP

768:3Uz7yVEhs9+Hs1SQtOOtEvwDpjO9+4hdCY8EQMjpi/Wpi3B3URiLqCyLuAx8XG95:3P+HsMQMOtEvwDpjoHy7B3g9CWuAxWBK

Score

9^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 5 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2280-8-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2
\Users\Admin\AppData\Local\Temp\misid.exe	CryptoLocker_rule2
behavioral1/memory/2280-13-0x0000000001DE0000-0x0000000001DEB000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/2624-17-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/2624-26-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2

Detection of Cryptolocker Samples 5 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2280-8-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1
\Users\Admin\AppData\Local\Temp\misid.exe	CryptoLocker_set1
behavioral1/memory/2280-13-0x0000000001DE0000-0x0000000001DEB000-memory.dmp	CryptoLocker_set1
behavioral1/memory/2624-17-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1
behavioral1/memory/2624-26-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1

Executes dropped EXE 1 IoCs

Processes:

misid.exe

pid process

2624 misid.exe
Loads dropped DLL 1 IoCs

Processes:

2024-05-22_b380169897a5a15e0c9635f8bfb69ec6_cryptolocker.exe

pid process

2280 2024-05-22_b380169897a5a15e0c9635f8bfb69ec6_cryptolocker.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2624	misid.exe

pid	process
2280	2024-05-22_b380169897a5a15e0c9635f8bfb69ec6_cryptolocker.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

2024-05-22_b380169897a5a15e0c9635f8bfb69ec6_cryptolocker.exe

description	pid	process	target process
PID 2280 wrote to memory of 2624	2280	2024-05-22_b380169897a5a15e0c9635f8bfb69ec6_cryptolocker.exe	misid.exe
PID 2280 wrote to memory of 2624	2280	2024-05-22_b380169897a5a15e0c9635f8bfb69ec6_cryptolocker.exe	misid.exe
PID 2280 wrote to memory of 2624	2280	2024-05-22_b380169897a5a15e0c9635f8bfb69ec6_cryptolocker.exe	misid.exe
PID 2280 wrote to memory of 2624	2280	2024-05-22_b380169897a5a15e0c9635f8bfb69ec6_cryptolocker.exe	misid.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-22_b380169897a5a15e0c9635f8bfb69ec6_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-22_b380169897a5a15e0c9635f8bfb69ec6_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2280

C:\Users\Admin\AppData\Local\Temp\misid.exe
"C:\Users\Admin\AppData\Local\Temp\misid.exe"
2⤵
- Executes dropped EXE
PID:2624

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe
Filesize
62KB

MD5
4e9cb4dc1c573691a4d6c75bf8b2d1dd

SHA1
fd22b782c29e9156c5cfd7c242a3e285b2ca92ad

SHA256
48e4c5ec29d8cfc97bce5467ae006f8ca1d2f566be5f5a6aa319c8d519fce8fb

SHA512
8a86ad8e6bfc25d0522e4b2a49a2ebc2d6e580fe278c9659d3795a7adddebc8690d46ee5b9a5f1052675225444ea2cdaf1de4ce1828b70eaa3ef0daf817e0aaa

Download Submit
memory/2280-1-0x0000000000390000-0x0000000000396000-memory.dmp

Filesize
24KB

Download
memory/2280-0-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/2280-9-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/2280-8-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/2280-13-0x0000000001DE0000-0x0000000001DEB000-memory.dmp

Filesize
44KB

Download
memory/2624-17-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/2624-18-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/2624-25-0x0000000000440000-0x0000000000446000-memory.dmp

Filesize
24KB

Download
memory/2624-26-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download