Analysis
-
max time kernel
147s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
23-05-2024 18:27
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-23_bc74f131f2e9ba1f6ee2076788d15c45_cryptolocker.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-05-23_bc74f131f2e9ba1f6ee2076788d15c45_cryptolocker.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-05-23_bc74f131f2e9ba1f6ee2076788d15c45_cryptolocker.exe
-
Size
41KB
-
MD5
bc74f131f2e9ba1f6ee2076788d15c45
-
SHA1
7935cf035e6795bf32b7ce255a9df112ebb14c3b
-
SHA256
078dceb18232d73c524169fce0d61e59fe8237a8e2a7df3da30f30867b63e10b
-
SHA512
4972b934bdd20de97b57538445b02881096d99ee7909f0f5735547c9fa57f9002f58232b0bcee05c28d8d2633313e7911ac1e2bff6c853db86da7eba1eea2a8d
-
SSDEEP
768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBaac4HK/wSvuQTCnj:X6QFElP6n+gJQMOtEvwDpjBsYK/fQ
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
Processes:
resource yara_rule \Users\Admin\AppData\Local\Temp\asih.exe CryptoLocker_rule2 -
Detection of Cryptolocker Samples 1 IoCs
Processes:
resource yara_rule \Users\Admin\AppData\Local\Temp\asih.exe CryptoLocker_set1 -
Executes dropped EXE 1 IoCs
Processes:
asih.exepid process 2372 asih.exe -
Loads dropped DLL 1 IoCs
Processes:
2024-05-23_bc74f131f2e9ba1f6ee2076788d15c45_cryptolocker.exepid process 2864 2024-05-23_bc74f131f2e9ba1f6ee2076788d15c45_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
2024-05-23_bc74f131f2e9ba1f6ee2076788d15c45_cryptolocker.exedescription pid process target process PID 2864 wrote to memory of 2372 2864 2024-05-23_bc74f131f2e9ba1f6ee2076788d15c45_cryptolocker.exe asih.exe PID 2864 wrote to memory of 2372 2864 2024-05-23_bc74f131f2e9ba1f6ee2076788d15c45_cryptolocker.exe asih.exe PID 2864 wrote to memory of 2372 2864 2024-05-23_bc74f131f2e9ba1f6ee2076788d15c45_cryptolocker.exe asih.exe PID 2864 wrote to memory of 2372 2864 2024-05-23_bc74f131f2e9ba1f6ee2076788d15c45_cryptolocker.exe asih.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-23_bc74f131f2e9ba1f6ee2076788d15c45_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-23_bc74f131f2e9ba1f6ee2076788d15c45_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
\Users\Admin\AppData\Local\Temp\asih.exeFilesize
42KB
MD508ea0b3a2d96bf5dc472462c5f1897a1
SHA1ce78b425f731451e4caab112a8f7f4d70c0e616f
SHA25664771b4f9d893c5e5f21d818cce82343ed073a56ac6947a505f75073ba2ce7bf
SHA5121e048c8cc6221e9215351c274520d8f59423fa24b142fa6263a912b0ee83ee41a02cbbe45892d279b10a97642606eb536a28aaad4f3b99681d94001633bf6bc0
-
memory/2372-15-0x0000000000290000-0x0000000000296000-memory.dmpFilesize
24KB
-
memory/2372-22-0x0000000000250000-0x0000000000256000-memory.dmpFilesize
24KB
-
memory/2864-0-0x00000000001E0000-0x00000000001E6000-memory.dmpFilesize
24KB
-
memory/2864-1-0x00000000002A0000-0x00000000002A6000-memory.dmpFilesize
24KB
-
memory/2864-8-0x00000000001E0000-0x00000000001E6000-memory.dmpFilesize
24KB