7430b29d9ed433d738c3b144df6ef05bc017f1133d03640b44fcfc07084e1ab6

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
12-06-2024 11:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-12_95d26e0bc6cb66693c6f4a04825433e4_cryptolocker.exe
Size

62KB
MD5

95d26e0bc6cb66693c6f4a04825433e4
SHA1

7b0e8f04882c862279e1cf5f55465c1fa3371c52
SHA256

7430b29d9ed433d738c3b144df6ef05bc017f1133d03640b44fcfc07084e1ab6
SHA512

b1e3b6870d062643cf4e2c8b568d8aa3cdbc523af419f4f0088c0517b61ef2a77446fc3f4ccbcdb4c9570a77bed3531726dc4692368271aa86e46d5df1d01745
SSDEEP

768:3Uz7yVEhs9+Hs1SQtOOtEvwDpjO9+4hdCY8EQMjpi/Wpi3B3URiLqCyLuAx8XG9R:3P+HsMQMOtEvwDpjoHy7B3g9CWuAxWg

Score

9^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 5 IoCs

resource	yara_rule
behavioral1/memory/2444-0-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2
behavioral1/files/0x000a00000001227e-11.dat	CryptoLocker_rule2
behavioral1/memory/1092-16-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/2444-15-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/1092-26-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_rule2

Detection of Cryptolocker Samples 5 IoCs

resource	yara_rule
behavioral1/memory/2444-0-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1
behavioral1/files/0x000a00000001227e-11.dat	CryptoLocker_set1
behavioral1/memory/1092-16-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1
behavioral1/memory/2444-15-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1
behavioral1/memory/1092-26-0x0000000000500000-0x000000000050B000-memory.dmp	CryptoLocker_set1

Executes dropped EXE 1 IoCs

pid	Process
1092	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2444	2024-06-12_95d26e0bc6cb66693c6f4a04825433e4_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 1092	2444	2024-06-12_95d26e0bc6cb66693c6f4a04825433e4_cryptolocker.exe	28
PID 2444 wrote to memory of 1092	2444	2024-06-12_95d26e0bc6cb66693c6f4a04825433e4_cryptolocker.exe	28
PID 2444 wrote to memory of 1092	2444	2024-06-12_95d26e0bc6cb66693c6f4a04825433e4_cryptolocker.exe	28
PID 2444 wrote to memory of 1092	2444	2024-06-12_95d26e0bc6cb66693c6f4a04825433e4_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-06-12_95d26e0bc6cb66693c6f4a04825433e4_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-12_95d26e0bc6cb66693c6f4a04825433e4_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:1092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
62KB

MD5
6a5c4d0fd58b49a3f8ab163236545c27

SHA1
a4e8e76cf0b778a8bdf600b43c691e502942663a

SHA256
06c61ac3b89b9884c5074498a30e8f87b64dc60ac43eb20d856ad94599545922

SHA512
4188d0083a8ceee32dc55d9b7c0f48fa51b80485c994a8ca613efe4646dd5b33d8f6be5fce2b8258414a1d014206e2736463b6496dababe0183211c524250134

Download Submit
memory/1092-16-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/1092-18-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1092-19-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download
memory/1092-26-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/2444-0-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/2444-1-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2444-3-0x00000000002F0000-0x00000000002F6000-memory.dmp

Filesize
24KB

Download
memory/2444-9-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2444-15-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download