abf4f50736337aa7b09895e57ec41ea9e3d6e68440dd7883ff350b307f201ab7

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 02:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-05-31_457f7951dda57d63b91d77b7f02f4391_cryptolocker.exe
Size

62KB
MD5

457f7951dda57d63b91d77b7f02f4391
SHA1

3e3d6826cec0d8631a55b12cd5c9f9ef4cb9ae7f
SHA256

abf4f50736337aa7b09895e57ec41ea9e3d6e68440dd7883ff350b307f201ab7
SHA512

a898b478c53d9764d7c3d05fd2ce2676316059da19016a35d6ad284093c485418e4c295587d33fce1eb05be50a042f0339e4c5f7bbdc8ebbf7e75dc661e9b4a2
SSDEEP

768:3Uz7yVEhs9+Hs1SQtOOtEvwDpjO9+4hdCY8EQMjpi/Wpi3B3URiLqCyLuAx8XG9V:3P+HsMQMOtEvwDpjoHy7B3g9CWuAxWBO

Score

9^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 5 IoCs

resource	yara_rule
behavioral1/memory/1636-0-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/2744-16-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2
behavioral1/files/0x001000000001226b-15.dat	CryptoLocker_rule2
behavioral1/memory/1636-14-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/2744-26-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2

Detection of Cryptolocker Samples 5 IoCs

resource	yara_rule
behavioral1/memory/1636-0-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1
behavioral1/memory/2744-16-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1
behavioral1/files/0x001000000001226b-15.dat	CryptoLocker_set1
behavioral1/memory/1636-14-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1
behavioral1/memory/2744-26-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1

Executes dropped EXE 1 IoCs

pid	Process
2744	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1636	2024-05-31_457f7951dda57d63b91d77b7f02f4391_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2744	1636	2024-05-31_457f7951dda57d63b91d77b7f02f4391_cryptolocker.exe	28
PID 1636 wrote to memory of 2744	1636	2024-05-31_457f7951dda57d63b91d77b7f02f4391_cryptolocker.exe	28
PID 1636 wrote to memory of 2744	1636	2024-05-31_457f7951dda57d63b91d77b7f02f4391_cryptolocker.exe	28
PID 1636 wrote to memory of 2744	1636	2024-05-31_457f7951dda57d63b91d77b7f02f4391_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-05-31_457f7951dda57d63b91d77b7f02f4391_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-31_457f7951dda57d63b91d77b7f02f4391_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
63KB

MD5
8c0b0e863bf56a9ca2c962311905ffe0

SHA1
e7aaf202b91beb7f75afbf99a3a8dea57e57f62d

SHA256
b430d613afb25ef4cdde94f465ebf7ac7911a3f6dc0d53261770199c576512c9

SHA512
515ea498fce55e0cade788f24aa25cee2e5c3c05141fd3dbe52d7f645eada806aea870b6ef2cf3d692f4177e70ccf1f59b110cfdde6e2430df6fed03e8394b9b

Download Submit
memory/1636-1-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/1636-0-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/1636-2-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download
memory/1636-9-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/1636-14-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/2744-16-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/2744-18-0x0000000000890000-0x0000000000896000-memory.dmp

Filesize
24KB

Download
memory/2744-25-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/2744-26-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download