Analysis
max time kernel: 148s
max time network: 149s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 11/06/2024, 03:23
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-11_070d2a1d9389a02bc9f72bb5f389cd60_cryptolocker.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 2024-06-11_070d2a1d9389a02bc9f72bb5f389cd60_cryptolocker.exe
  Resource: win10v2004-20240508-en
General
Target: 2024-06-11_070d2a1d9389a02bc9f72bb5f389cd60_cryptolocker.exe
Size: 42KB
MD5: 070d2a1d9389a02bc9f72bb5f389cd60
SHA1: 66419e36a3fb178a56c0a0eb737aaac7ab32aaf7
SHA256: 899a4974c90abc6497ba8c0166f6480694aa34b14819ea541d44ed55ae6cd829
SHA512: 2a9ad18495ac8200006d1b52316ec6835586e3284d57f6ad61f5bac7817c82ec88595e92df9642680d9d9821b65c394b444b6c7a5acd6ba583a30f46433f713f
SSDEEP: 768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBaac4HK/wSvuQTCnm:X6QFElP6n+gJQMOtEvwDpjBsYK/fB
Signatures
Detection of CryptoLocker Variants (1 IoC)
  resource: behavioral1/files/0x0009000000012280-10.dat
  yara_rule: CryptoLocker_rule2
Detection of Cryptolocker Samples (1 IoC)
  resource: behavioral1/files/0x0009000000012280-10.dat
  yara_rule: CryptoLocker_set1
Executes dropped EXE (1 IoC)
  pid: 2912
  Process: asih.exe
Loads dropped DLL (1 IoC)
  pid: 2240
  Process: 2024-06-11_070d2a1d9389a02bc9f72bb5f389cd60_cryptolocker.exe
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                                                        procid_target
  PID 2240 wrote to memory of 2912  2240  2024-06-11_070d2a1d9389a02bc9f72bb5f389cd60_cryptolocker.exe  28
  PID 2240 wrote to memory of 2912  2240  2024-06-11_070d2a1d9389a02bc9f72bb5f389cd60_cryptolocker.exe  28
  PID 2240 wrote to memory of 2912  2240  2024-06-11_070d2a1d9389a02bc9f72bb5f389cd60_cryptolocker.exe  28
  PID 2240 wrote to memory of 2912  2240  2024-06-11_070d2a1d9389a02bc9f72bb5f389cd60_cryptolocker.exe  28
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-06-11_070d2a1d9389a02bc9f72bb5f389cd60_cryptolocker.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-06-11_070d2a1d9389a02bc9f72bb5f389cd60_cryptolocker.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   PID: 2240
   2. C:\Users\Admin\AppData\Local\Temp\asih.exe (child of PID 2240)
      Command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      - Executes dropped EXE
      PID: 2912
Downloads
Filesize: 42KB
MD5: 86c9a6adf9e59e67df48074506eedf1d
SHA1: c87df3d3a0568a6737b415e801a50369599043b1
SHA256: 9ec50356f75a83f776d1b5771f3cc3de99611ab6d98a43e0dc26765cecdf0fd9
SHA512: 2340d7f0a1fd7ee3a3ea7ab46aaeb6bb9b4c273372722294968909b4624ca51b8ed48d6c29571d5c9bf28f24b21213390ce97ac309882b70906b08108ee439f1