Analysis
- max time kernel: 148s
- max time network: 149s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 22-05-2024 02:30
Static task
- static1
Behavioral task
- behavioral1
  Sample: 2024-05-22_4343130078e7b0916272a1ef4bb973ff_cryptolocker.exe
  Resource: win7-20240508-en
Behavioral task
- behavioral2
  Sample: 2024-05-22_4343130078e7b0916272a1ef4bb973ff_cryptolocker.exe
  Resource: win10v2004-20240426-en
The results below are from behavioral1 (the Windows 7 x64 run on win7-20240508-en, matching the platform and resource in the Analysis block).
General
- Target: 2024-05-22_4343130078e7b0916272a1ef4bb973ff_cryptolocker.exe
- Size: 73KB
- MD5: 4343130078e7b0916272a1ef4bb973ff
- SHA1: 129c725ad4ffde537ecf0325013aeee0de949d66
- SHA256: 6bdc380b9bec289e536d5dc07cfac29457a9c783cb42cc6a21e08cd6da60e9b2
- SHA512: 97c73b022162c30a3b0fa3c14a1e220fe935e29a1c22dae3fa89604f563e5c53d76802f54762a2729c8b2126dc65d6177677fbe1fd61b1d79eabf1d6b930f5af
- SSDEEP: 768:u6LsoEEeegiZPvEhHSG+gZgtOOtEvwDpjeY10Y/YMsZ:u6QFElP6n+gWMOtEvwDpjJGYQbZ
Malware Config
Signatures
- Detection of CryptoLocker Variants (1 IoC)
  resource: \Users\Admin\AppData\Local\Temp\asih.exe
  yara_rule: CryptoLocker_rule2
- Detection of Cryptolocker Samples (1 IoC)
  resource: \Users\Admin\AppData\Local\Temp\asih.exe
  yara_rule: CryptoLocker_set1
- Executes dropped EXE (1 IoC)
  pid 2432, process asih.exe
- Loads dropped DLL (1 IoC)
  pid 2964, process 2024-05-22_4343130078e7b0916272a1ef4bb973ff_cryptolocker.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  pid 2964 (2024-05-22_4343130078e7b0916272a1ef4bb973ff_cryptolocker.exe) wrote to memory of pid 2432 (asih.exe); the same source, target and description are reported four times.
  Note that every one of these writes goes from the submitted sample into the child it launches. A parent writing into a process it has just created is part of normal CreateProcess behaviour, so this signature on its own does not establish code injection; the stronger evidence on this page is that the child is a file written during the run (asih.exe, see Downloads) and that both YARA hits are on that dropped file rather than on the submitted sample.
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-05-22_4343130078e7b0916272a1ef4bb973ff_cryptolocker.exe (pid 2964)
  command line: "C:\Users\Admin\AppData\Local\Temp\2024-05-22_4343130078e7b0916272a1ef4bb973ff_cryptolocker.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - child: C:\Users\Admin\AppData\Local\Temp\asih.exe (pid 2432)
    command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
    - Executes dropped EXE
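As an added example (not part of the sandbox report or its tooling), the following Python turns the rendered WriteProcessMemory rows and the process tree above into a deduplicated process graph and answers the two questions a triage analyst asks of this page: are the four WriteProcessMemory rows a parent writing into its own child, and which executed image is a file that was written during the run. The event text, PIDs, image paths and the dropped-file SHA256 are copied from this report; the line format the regex expects is the page's own rendering, and the function and constant names are my own.

```python
import re
from collections import defaultdict

# Constructed copy of the "Suspicious use of WriteProcessMemory" rows as rendered on
# this page (four identical events, one per line). This is the page text, not the
# sandbox's raw JSON.
WPM_EVENTS = """\
PID 2964 wrote to memory of 2432 2964 2024-05-22_4343130078e7b0916272a1ef4bb973ff_cryptolocker.exe asih.exe
PID 2964 wrote to memory of 2432 2964 2024-05-22_4343130078e7b0916272a1ef4bb973ff_cryptolocker.exe asih.exe
PID 2964 wrote to memory of 2432 2964 2024-05-22_4343130078e7b0916272a1ef4bb973ff_cryptolocker.exe asih.exe
PID 2964 wrote to memory of 2432 2964 2024-05-22_4343130078e7b0916272a1ef4bb973ff_cryptolocker.exe asih.exe
"""

# Process tree from the report: (pid, image path, parent pid). PIDs come from the
# signature rows; the parent relation is the tree nesting (asih.exe is the child).
PROCESSES = [
    (2964, r"C:\Users\Admin\AppData\Local\Temp\2024-05-22_4343130078e7b0916272a1ef4bb973ff_cryptolocker.exe", None),
    (2432, r"C:\Users\Admin\AppData\Local\Temp\asih.exe", 2964),
]

# Files written during the run (from the Downloads section), path -> SHA256.
DROPPED = {
    r"C:\Users\Admin\AppData\Local\Temp\asih.exe":
        "f9ea87cb6b61ccd974c0c5404f55190d5c13ec4667ed9cf5074ffd0ba29b2b55",
}

# "PID <src> wrote to memory of <dst> <src again> <src image> <dst image>"
EVENT_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)$")


def parse_wpm(text):
    """Collapse the rendered rows into distinct (src_pid, dst_pid, src_name, dst_name)
    edges with a hit count, so repeated identical rows become one edge."""
    edges = defaultdict(int)
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            src, dst, src_name, dst_name = m.groups()
            edges[(int(src), int(dst), src_name, dst_name)] += 1
    return dict(edges)


def classify_edges(edges, processes):
    """Label each write edge: 'parent-to-child' when the target is a process the
    writer itself spawned (expected during CreateProcess), else 'cross-process',
    which is the case that actually suggests injection into another process."""
    parent_of = {pid: ppid for pid, _, ppid in processes}
    labelled = {}
    for (src, dst, _src_name, _dst_name), count in edges.items():
        kind = "parent-to-child" if parent_of.get(dst) == src else "cross-process"
        labelled[(src, dst)] = (kind, count)
    return labelled


def dropped_and_executed(processes, dropped):
    """Return (pid, path, sha256) for every executed image that is also a file
    written during the run, i.e. the 'Executes dropped EXE' condition."""
    return [(pid, path, dropped[path]) for pid, path, _ in processes if path in dropped]


if __name__ == "__main__":
    edges = parse_wpm(WPM_EVENTS)
    for edge, (kind, count) in classify_edges(edges, PROCESSES).items():
        print(f"{edge[0]} -> {edge[1]}: {kind} ({count} rows)")
    for pid, path, sha in dropped_and_executed(PROCESSES, DROPPED):
        print(f"dropped and executed: pid {pid} {path} sha256={sha}")
```

Cross-process writes would be the rows to chase; here there are none, and the actionable IoCs are the dropped file's hashes and the %TEMP% drop-and-execute pattern.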
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- \Users\Admin\AppData\Local\Temp\asih.exe (same 73KB size as the submitted sample, different hashes)
  Filesize: 73KB
  MD5: 2f89881ebd841926086112dbe67a0d7c
  SHA1: 27bb28be4fe09065c8c828b4b9ab3e2dc12641fa
  SHA256: f9ea87cb6b61ccd974c0c5404f55190d5c13ec4667ed9cf5074ffd0ba29b2b55
  SHA512: 0deadbd7824f659a87c3cece489279c26335efc01251349a029abfe3c2f472f7f2861c7c3217157e039d47615c12eec74c76378883145fe4b7a06a2be3c97ee6
- memory/2432-15-0x0000000000380000-0x0000000000386000-memory.dmp
  Filesize: 24KB
- memory/2964-0-0x0000000000240000-0x0000000000246000-memory.dmp
  Filesize: 24KB
- memory/2964-1-0x0000000000290000-0x0000000000296000-memory.dmp
  Filesize: 24KB
- memory/2964-8-0x0000000000240000-0x0000000000246000-memory.dmp
  Filesize: 24KB