Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 31-05-2024 05:25
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-05-31_417693c8f3a2cb19c9c849ef353314ce_cryptolocker.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-05-31_417693c8f3a2cb19c9c849ef353314ce_cryptolocker.exe
  Resource: win10v2004-20240508-en
General
Target: 2024-05-31_417693c8f3a2cb19c9c849ef353314ce_cryptolocker.exe
Size: 87KB
MD5: 417693c8f3a2cb19c9c849ef353314ce
SHA1: e2bc2a0963232b589eb4ad3d40914210f52d88ae
SHA256: 32e02b8499fffcd01d4aa2b70047af629ef922b138ba4a59a01d0112e528e4e2
SHA512: 24b337e86ebb68e0f7cd29094364d56a20807d76665b5970fcfc4da9015380cf6c672cebc242225fecf889f0735502f2a563487c1bfb410d394de7480abc992b
SSDEEP: 1536:vj+jsMQMOtEvwDpj5HwYYTjipvF2hBfWafHNBlm:vCjsIOtEvwDpj5H9YvQd2o
Malware Config
Signatures
Detection of CryptoLocker Variants (1 IoCs)
  resource: behavioral1/files/0x000d00000001232e-10.dat
  yara_rule: CryptoLocker_rule2
Detection of Cryptolocker Samples (1 IoCs)
  resource: behavioral1/files/0x000d00000001232e-10.dat
  yara_rule: CryptoLocker_set1
Executes dropped EXE (1 IoCs)
  pid: 3056
  Process: misid.exe
Loads dropped DLL (1 IoCs)
  pid: 2880
  Process: 2024-05-31_417693c8f3a2cb19c9c849ef353314ce_cryptolocker.exe
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2880 wrote to memory of 3056 | 2880 | 2024-05-31_417693c8f3a2cb19c9c849ef353314ce_cryptolocker.exe | 28
  PID 2880 wrote to memory of 3056 | 2880 | 2024-05-31_417693c8f3a2cb19c9c849ef353314ce_cryptolocker.exe | 28
  PID 2880 wrote to memory of 3056 | 2880 | 2024-05-31_417693c8f3a2cb19c9c849ef353314ce_cryptolocker.exe | 28
  PID 2880 wrote to memory of 3056 | 2880 | 2024-05-31_417693c8f3a2cb19c9c849ef353314ce_cryptolocker.exe | 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-05-31_417693c8f3a2cb19c9c849ef353314ce_cryptolocker.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\2024-05-31_417693c8f3a2cb19c9c849ef353314ce_cryptolocker.exe"
   PID: 2880
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\misid.exe
      command line: "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      PID: 3056
      - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 87KB
MD5: 80745e9af8ba6c6ab1711934d222e4e5
SHA1: 31ab193c6580170d612f01765468ed4be241c943
SHA256: f7a65fc55ab75546101c087fa31e42b7133086bed5a27fbb8d06a669df8c3eeb
SHA512: 5a530af1c572dfd7bc0f812110c601a93305542aa3c55e25dbb23424760fca34acd092b04244d2bbb4f073db59bebe46541eb22536b6bf568bcd3e0b4afc0173