ef364cb12a351a9a93d8d4179fb89b8aa7b7c0c0d6cb6738716f5ca94fb83cdd

Analysis

max time kernel
149s
max time network
156s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 00:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-31_8cf601eadb1a0bfbca3ec7fb4bb13150_cryptolocker.exe
Size

42KB
MD5

8cf601eadb1a0bfbca3ec7fb4bb13150
SHA1

2b04ca45530e9af10e188f38332121dd39e2c9e0
SHA256

ef364cb12a351a9a93d8d4179fb89b8aa7b7c0c0d6cb6738716f5ca94fb83cdd
SHA512

cd178d6349c939583265b4fbde61f114b1dcbbb8672e001d57f101738e0a2d87c54ce6d0adfc12a690e8b7f40c0d3803999d06c2d667ae762636910323328349
SSDEEP

768:bCDOw9UiaKHfjnD0S16avdrQFiLjJvtAeC:bCDOw9aMDooc+vAN

Score

9^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 5 IoCs

resource	yara_rule
behavioral1/memory/2228-1-0x0000000008000000-0x000000000800A000-memory.dmp	CryptoLocker_rule2
behavioral1/files/0x0009000000016d24-11.dat	CryptoLocker_rule2
behavioral1/memory/2356-17-0x0000000008000000-0x000000000800A000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/2228-16-0x0000000008000000-0x000000000800A000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/2356-27-0x0000000008000000-0x000000000800A000-memory.dmp	CryptoLocker_rule2

Executes dropped EXE 1 IoCs

pid	Process
2356	lossy.exe

Loads dropped DLL 1 IoCs

pid	Process
2228	2024-05-31_8cf601eadb1a0bfbca3ec7fb4bb13150_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2356	2228	2024-05-31_8cf601eadb1a0bfbca3ec7fb4bb13150_cryptolocker.exe	30
PID 2228 wrote to memory of 2356	2228	2024-05-31_8cf601eadb1a0bfbca3ec7fb4bb13150_cryptolocker.exe	30
PID 2228 wrote to memory of 2356	2228	2024-05-31_8cf601eadb1a0bfbca3ec7fb4bb13150_cryptolocker.exe	30
PID 2228 wrote to memory of 2356	2228	2024-05-31_8cf601eadb1a0bfbca3ec7fb4bb13150_cryptolocker.exe	30

C:\Users\Admin\AppData\Local\Temp\2024-05-31_8cf601eadb1a0bfbca3ec7fb4bb13150_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-31_8cf601eadb1a0bfbca3ec7fb4bb13150_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Users\Admin\AppData\Local\Temp\lossy.exe
  "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
  2⤵
  - Executes dropped EXE
  PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
42KB

MD5
8241433761c4984d3bc0a959aecc6355

SHA1
a71ef1e38cba36ffe12189e9f831f9d983043447

SHA256
ce3a8032db8d8e6d36bb2d966b2f4c4e9320baeb1992684f059672ac882f580d

SHA512
cd23c379e8cccdb9102fc4291146c581757aa4cdd30d0882f29b89032fb883aac59aac90f58438383bbe8377ef323e06c62038d9de95c3c9e4f36ba4d0986545

Download Submit
memory/2228-2-0x0000000000550000-0x0000000000556000-memory.dmp

Filesize
24KB

Download
memory/2228-1-0x0000000008000000-0x000000000800A000-memory.dmp

Filesize
40KB

Download
memory/2228-0-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download
memory/2228-9-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download
memory/2228-13-0x0000000001EA0000-0x0000000001EAA000-memory.dmp

Filesize
40KB

Download
memory/2228-16-0x0000000008000000-0x000000000800A000-memory.dmp

Filesize
40KB

Download
memory/2356-17-0x0000000008000000-0x000000000800A000-memory.dmp

Filesize
40KB

Download
memory/2356-19-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2356-26-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2356-27-0x0000000008000000-0x000000000800A000-memory.dmp

Filesize
40KB

Download