Analysis
max time kernel: 148s
max time network: 148s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 31/05/2024, 15:25
Static task: static1

Behavioral task: behavioral1
  Sample: 2024-05-31_038f624ec719ef7249d943f1eaddcf1e_cryptolocker.exe
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: 2024-05-31_038f624ec719ef7249d943f1eaddcf1e_cryptolocker.exe
  Resource: win10v2004-20240508-en
General
Target: 2024-05-31_038f624ec719ef7249d943f1eaddcf1e_cryptolocker.exe
Size: 49KB
MD5: 038f624ec719ef7249d943f1eaddcf1e
SHA1: ba1e358f1ae64cb8e49f6ebcae939dc924dd6770
SHA256: c6664951962325b445189b178c59a5af0ba0af4096d9cbcb81acf90619b515b8
SHA512: 1a8c0dba4cb2e911f6e7cf27dc913d70556a3ac4bd7e5795f166bb196dffcc028484047ff92df8f3ff71455d5f8c44b383e020c82308cc161648f84266cb9ffc
SSDEEP: 768:X6LsoEEeegiZPvEhHSG+gp/BtOOtEvwDpjBVaD3E09vdXfN:X6QFElP6n+gJBMOtEvwDpjBtEdXfN
Malware Config

Signatures

Detection of CryptoLocker Variants (1 IoCs)
  resource: behavioral1/files/0x000e00000001226b-10.dat
  yara_rule: CryptoLocker_rule2

Detection of Cryptolocker Samples (1 IoCs)
  resource: behavioral1/files/0x000e00000001226b-10.dat
  yara_rule: CryptoLocker_set1

Executes dropped EXE (1 IoCs)
  pid: 2424
  Process: asih.exe

Loads dropped DLL (1 IoCs)
  pid: 2956
  Process: 2024-05-31_038f624ec719ef7249d943f1eaddcf1e_cryptolocker.exe

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2956 wrote to memory of 2424 | 2956 | 2024-05-31_038f624ec719ef7249d943f1eaddcf1e_cryptolocker.exe | 28
  PID 2956 wrote to memory of 2424 | 2956 | 2024-05-31_038f624ec719ef7249d943f1eaddcf1e_cryptolocker.exe | 28
  PID 2956 wrote to memory of 2424 | 2956 | 2024-05-31_038f624ec719ef7249d943f1eaddcf1e_cryptolocker.exe | 28
  PID 2956 wrote to memory of 2424 | 2956 | 2024-05-31_038f624ec719ef7249d943f1eaddcf1e_cryptolocker.exe | 28
Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-31_038f624ec719ef7249d943f1eaddcf1e_cryptolocker.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-05-31_038f624ec719ef7249d943f1eaddcf1e_cryptolocker.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID: 2956

  C:\Users\Admin\AppData\Local\Temp\asih.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
    - Executes dropped EXE
    PID: 2424
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 49KB
MD5: 41111690336ac1c727fa504170b83ca9
SHA1: a2f3e074a1f16b7448df1bc2c5a98e6d1bf51d17
SHA256: a870aa04cffb7a957aab99c8eab82bbe6f071d4b065ec9b736ee3ed5d5eb26c1
SHA512: dbb2496e4f53eebd56e39832dd4aedf05d33fd755fa0c99c35b7492c2afc613b02b80a8268b70003f7105b778e194e3b8a36f8b8af7cda395a29a003dd23e1d8