Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/06/2024, 04:46

General

  • Target

    2024-06-02_c6e2575af2bc37db023551ce04606835_cryptolocker.exe

  • Size

    50KB

  • MD5

    c6e2575af2bc37db023551ce04606835

  • SHA1

    8b3c5c367cc85ff75c02aaba15d7c613e7d9cb90

  • SHA256

    9f20d4f5908416e71943749e75a4b08fca964c87e6a93a233b81cdf792fd4f65

  • SHA512

    61033f93fdabff873e08a59be936fea88b343b3cad174471a8dbc5a02f569481dc063c7260ecef3d637329c224612580ab06c4bead16adfcbd210fd2baae0c0c

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBaaEqbIu55id3AMWZa1:X6QFElP6n+gJQMOtEvwDpjB0GIWiWLw1

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-02_c6e2575af2bc37db023551ce04606835_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-02_c6e2575af2bc37db023551ce04606835_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2984

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    50KB

    MD5

    ecd2085322991c5e2c7e82d3ecaab50b

    SHA1

    1fd503434b389d90eb6dcbdb16641df857e24fd1

    SHA256

    1457c61b6be61d43d5abf9d32ccb1f7c50cc319061ec9cd9f8e4470c4352d92f

    SHA512

    bb7346da0dbf6280e0177aad9cdedd670323967c5ec54c4d18c07ce367dab10a9e191fff086b854c93bb4057a152faa72f6d1ec843418081536457c14898f185

  • memory/2984-22-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

  • memory/3000-0-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

  • memory/3000-1-0x0000000000310000-0x0000000000316000-memory.dmp

    Filesize

    24KB

  • memory/3000-8-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB