Analysis Overview
SHA256
a3954fdbaffd74c474a3af245900c83b017bcd4699314c8f21d7197479f34a91
Threat Level: Known bad
The file 2024-06-12_9439a0c4a7880e6d9843517b732e9694_cryptolocker was found to be: Known bad.
Malicious Activity Summary
Detection of CryptoLocker Variants
Detection of CryptoLocker Variants
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 17:12
Signatures
Detection of CryptoLocker Variants
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 17:12
Reported
2024-06-12 17:15
Platform
win7-20240221-en
Max time kernel
143s
Max time network
147s
Command Line
Signatures
Detection of CryptoLocker Variants
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\misid.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_9439a0c4a7880e6d9843517b732e9694_cryptolocker.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2168 wrote to memory of 2596 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_9439a0c4a7880e6d9843517b732e9694_cryptolocker.exe | C:\Users\Admin\AppData\Local\Temp\misid.exe |
| PID 2168 wrote to memory of 2596 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_9439a0c4a7880e6d9843517b732e9694_cryptolocker.exe | C:\Users\Admin\AppData\Local\Temp\misid.exe |
| PID 2168 wrote to memory of 2596 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_9439a0c4a7880e6d9843517b732e9694_cryptolocker.exe | C:\Users\Admin\AppData\Local\Temp\misid.exe |
| PID 2168 wrote to memory of 2596 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_9439a0c4a7880e6d9843517b732e9694_cryptolocker.exe | C:\Users\Admin\AppData\Local\Temp\misid.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9439a0c4a7880e6d9843517b732e9694_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-12_9439a0c4a7880e6d9843517b732e9694_cryptolocker.exe"
C:\Users\Admin\AppData\Local\Temp\misid.exe
"C:\Users\Admin\AppData\Local\Temp\misid.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bestccc.com | udp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
Files
memory/2168-0-0x0000000000240000-0x0000000000246000-memory.dmp
memory/2168-8-0x0000000000230000-0x0000000000236000-memory.dmp
memory/2168-9-0x0000000000240000-0x0000000000246000-memory.dmp
memory/2168-1-0x0000000000310000-0x0000000000316000-memory.dmp
\Users\Admin\AppData\Local\Temp\misid.exe
| MD5 | 3f02029863948d49c33ff9e9e324488f |
| SHA1 | 85fc2c2871b4a53474410af836d88e299d083923 |
| SHA256 | 13bfe39f56efc483b7efc0b7aa997640e6ac90fe0d94e31aafa8c88c1d33752e |
| SHA512 | 9128bf1a0dcae978b954010c883056edfb4f3556f998f36cf418707872188144ffdad12c1a101b1cdf0c05f5978f317664f097b369084d09748cca0bc53db9c5 |
memory/2596-16-0x00000000004D0000-0x00000000004D6000-memory.dmp
memory/2596-23-0x0000000000230000-0x0000000000236000-memory.dmp
memory/2596-24-0x0000000000230000-0x0000000000236000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 17:12
Reported
2024-06-12 17:15
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detection of CryptoLocker Variants
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2024-06-12_9439a0c4a7880e6d9843517b732e9694_cryptolocker.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\misid.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2248 wrote to memory of 3972 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_9439a0c4a7880e6d9843517b732e9694_cryptolocker.exe | C:\Users\Admin\AppData\Local\Temp\misid.exe |
| PID 2248 wrote to memory of 3972 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_9439a0c4a7880e6d9843517b732e9694_cryptolocker.exe | C:\Users\Admin\AppData\Local\Temp\misid.exe |
| PID 2248 wrote to memory of 3972 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_9439a0c4a7880e6d9843517b732e9694_cryptolocker.exe | C:\Users\Admin\AppData\Local\Temp\misid.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9439a0c4a7880e6d9843517b732e9694_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-12_9439a0c4a7880e6d9843517b732e9694_cryptolocker.exe"
C:\Users\Admin\AppData\Local\Temp\misid.exe
"C:\Users\Admin\AppData\Local\Temp\misid.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bestccc.com | udp |
| US | 8.8.8.8:53 | bestccc.com | udp |
| US | 8.8.8.8:53 | bestccc.com | udp |
| US | 8.8.8.8:53 | bestccc.com | udp |
| US | 8.8.8.8:53 | bestccc.com | udp |
| US | 8.8.8.8:53 | bestccc.com | udp |
| US | 8.8.8.8:53 | bestccc.com | udp |
| US | 8.8.8.8:53 | bestccc.com | udp |
| US | 8.8.8.8:53 | bestccc.com | udp |
| US | 8.8.8.8:53 | bestccc.com | udp |
| US | 8.8.8.8:53 | bestccc.com | udp |
| US | 8.8.8.8:53 | bestccc.com | udp |
| US | 8.8.8.8:53 | bestccc.com | udp |
Files
memory/2248-0-0x0000000000410000-0x0000000000420000-memory.dmp
memory/2248-1-0x00000000004E0000-0x00000000004E6000-memory.dmp
memory/2248-2-0x0000000000510000-0x0000000000516000-memory.dmp
memory/2248-9-0x00000000004E0000-0x00000000004E6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\misid.exe
| MD5 | 3f02029863948d49c33ff9e9e324488f |
| SHA1 | 85fc2c2871b4a53474410af836d88e299d083923 |
| SHA256 | 13bfe39f56efc483b7efc0b7aa997640e6ac90fe0d94e31aafa8c88c1d33752e |
| SHA512 | 9128bf1a0dcae978b954010c883056edfb4f3556f998f36cf418707872188144ffdad12c1a101b1cdf0c05f5978f317664f097b369084d09748cca0bc53db9c5 |
memory/3972-17-0x00000000004F0000-0x00000000004F3000-memory.dmp
memory/3972-25-0x0000000002060000-0x0000000002066000-memory.dmp
memory/3972-19-0x0000000002080000-0x0000000002086000-memory.dmp
memory/3972-26-0x00000000004F0000-0x00000000004F3000-memory.dmp