Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240419-en
- resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
- submitted: 06/06/2024, 21:36
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 2024-06-06_cda8a85a2e9271f6e36b0105f9e81c45_cryptolocker.exe
  - Resource: win7-20240419-en

Behavioral task
- behavioral2
  - Sample: 2024-06-06_cda8a85a2e9271f6e36b0105f9e81c45_cryptolocker.exe
  - Resource: win10v2004-20240508-en
General
- Target: 2024-06-06_cda8a85a2e9271f6e36b0105f9e81c45_cryptolocker.exe
- Size: 82KB
- MD5: cda8a85a2e9271f6e36b0105f9e81c45
- SHA1: d28aff7e953da0b1e5d23ce66f24c4da29fad715
- SHA256: 27da47535ed752826075a7164ee125af148c7c8450edc29ee7ade52592a4a6f2
- SHA512: e6b854bf893d4f9c2d0774982c9ef9f48627d969412005f70a1ee2e42d4454eb6bbb1bb0e9c0dc0b92b2d1c41bb02cb35acf98f2feb2a7c6a0a08aced1c96d5c
- SSDEEP: 1536:Tj+jsMQMOtEvwDpj5HmpJpOUHECgNMo0vp2EMMr3Y:TCjsIOtEvwDpj5HE/OUHnSMe
Malware Config
Signatures
- Detection of CryptoLocker Variants (5 IoCs)
  resource / yara_rule:
  - behavioral1/memory/2280-0-0x0000000000500000-0x000000000050E000-memory.dmp: CryptoLocker_rule2
  - behavioral1/files/0x00090000000122ee-11.dat: CryptoLocker_rule2
  - behavioral1/memory/2624-16-0x0000000000500000-0x000000000050E000-memory.dmp: CryptoLocker_rule2
  - behavioral1/memory/2280-15-0x0000000000500000-0x000000000050E000-memory.dmp: CryptoLocker_rule2
  - behavioral1/memory/2624-26-0x0000000000500000-0x000000000050E000-memory.dmp: CryptoLocker_rule2
- Detection of Cryptolocker Samples (5 IoCs)
  resource / yara_rule:
  - behavioral1/memory/2280-0-0x0000000000500000-0x000000000050E000-memory.dmp: CryptoLocker_set1
  - behavioral1/files/0x00090000000122ee-11.dat: CryptoLocker_set1
  - behavioral1/memory/2624-16-0x0000000000500000-0x000000000050E000-memory.dmp: CryptoLocker_set1
  - behavioral1/memory/2280-15-0x0000000000500000-0x000000000050E000-memory.dmp: CryptoLocker_set1
  - behavioral1/memory/2624-26-0x0000000000500000-0x000000000050E000-memory.dmp: CryptoLocker_set1
- Executes dropped EXE (1 IoC)
  pid / Process:
  - 2624: misid.exe
- Loads dropped DLL (1 IoC)
  pid / Process:
  - 2280: 2024-06-06_cda8a85a2e9271f6e36b0105f9e81c45_cryptolocker.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description / pid / Process / procid_target:
  - PID 2280 wrote to memory of 2624 / 2280 / 2024-06-06_cda8a85a2e9271f6e36b0105f9e81c45_cryptolocker.exe / 28
  - PID 2280 wrote to memory of 2624 / 2280 / 2024-06-06_cda8a85a2e9271f6e36b0105f9e81c45_cryptolocker.exe / 28
  - PID 2280 wrote to memory of 2624 / 2280 / 2024-06-06_cda8a85a2e9271f6e36b0105f9e81c45_cryptolocker.exe / 28
  - PID 2280 wrote to memory of 2624 / 2280 / 2024-06-06_cda8a85a2e9271f6e36b0105f9e81c45_cryptolocker.exe / 28
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-06-06_cda8a85a2e9271f6e36b0105f9e81c45_cryptolocker.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-06-06_cda8a85a2e9271f6e36b0105f9e81c45_cryptolocker.exe"
  PID: 2280
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\misid.exe (child process)
    Command line: "C:\Users\Admin\AppData\Local\Temp\misid.exe"
    PID: 2624
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 82KB
- MD5: afea4ab42f0ddaa662b383c3a3af209b
- SHA1: 0598e21c2eb73cf8e6a6120a90d90f6f4456e81f
- SHA256: df57eaa20d830bab09d10fc7999103bed7593a98c08015632da1630762350bc4
- SHA512: 949f2fb8c652234201cced585bca39714776b233cca1e84db0f066f56c2415c0fd70696712c831ba04716676be31ce19a42b80b21518777318094f052e9ec2c4