Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system -
submitted
11/06/2024, 02:27
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-11_466a8cb0d0b1f0d2da053431fcacdd5d_cryptolocker.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
2024-06-11_466a8cb0d0b1f0d2da053431fcacdd5d_cryptolocker.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-06-11_466a8cb0d0b1f0d2da053431fcacdd5d_cryptolocker.exe
-
Size
45KB
-
MD5
466a8cb0d0b1f0d2da053431fcacdd5d
-
SHA1
483866aa31ab95d531f135d3f66bd7f74dbbbfb0
-
SHA256
f76622a2a31ef560287ff8a9c7100207f0147b7445cb78eb27befc4a631889ca
-
SHA512
722ac55c3bb2a2d5fc5998e51d9d925ad25e38eb34f875970cefb3003f4adbbdc55a119fb09d70ab0b4ca28c5b1fd3c99d335085271082029971a7c60f114dca
-
SSDEEP
768:P6LsoVEeegiZPvEhHSP+gp/QtOOtEvwDpjBBMLZdzuqpXsiE8Wq/DpkH9:P6Q0ElP6G+gJQMOtEvwDpjB8WMls9
Malware Config
Signatures
-
Detection of CryptoLocker Variants 5 IoCs
resource yara_rule behavioral1/memory/2980-0-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_rule2 behavioral1/memory/2976-16-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_rule2 behavioral1/memory/2980-15-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_rule2 behavioral1/files/0x000b0000000153c7-14.dat CryptoLocker_rule2 behavioral1/memory/2976-26-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_rule2 -
Detection of Cryptolocker Samples 5 IoCs
resource yara_rule behavioral1/memory/2980-0-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_set1 behavioral1/memory/2976-16-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_set1 behavioral1/memory/2980-15-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_set1 behavioral1/files/0x000b0000000153c7-14.dat CryptoLocker_set1 behavioral1/memory/2976-26-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_set1 -
Executes dropped EXE 1 IoCs
pid Process 2976 asih.exe -
Loads dropped DLL 1 IoCs
pid Process 2980 2024-06-11_466a8cb0d0b1f0d2da053431fcacdd5d_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2980 wrote to memory of 2976 2980 2024-06-11_466a8cb0d0b1f0d2da053431fcacdd5d_cryptolocker.exe 28 PID 2980 wrote to memory of 2976 2980 2024-06-11_466a8cb0d0b1f0d2da053431fcacdd5d_cryptolocker.exe 28 PID 2980 wrote to memory of 2976 2980 2024-06-11_466a8cb0d0b1f0d2da053431fcacdd5d_cryptolocker.exe 28 PID 2980 wrote to memory of 2976 2980 2024-06-11_466a8cb0d0b1f0d2da053431fcacdd5d_cryptolocker.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-11_466a8cb0d0b1f0d2da053431fcacdd5d_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-11_466a8cb0d0b1f0d2da053431fcacdd5d_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2980 -
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
PID:2976
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
45KB
MD5d3aee75fda8e407cacd6626c079dc083
SHA10f70155ddc2dec5ea6ef8de998ff4b50963e3c61
SHA2564fff08817675d837c22dd23d2b82c43e9b531185f0f665ccb6bc7ac5b929b8bb
SHA512c7a7e3c757177a3e5a641b6c42eb80cc201c89a937d83ec77a73e790a79797b953c1285cab98d8d810420e592a619329c2f5b4fb28e04c58fd0877f53cf5fae4