Analysis Overview
SHA256
4cdab9b47b6dbe7666f72b846dc067ad04e53688b9d0c144bab5d05f5cb0b5c3
Threat Level: Known bad
The file 2024-06-13_4568ba52fc5b80a78838340ba159a9a1_cryptolocker was found to be: Known bad.
Malicious Activity Summary
Detection of CryptoLocker Variants
Detection of Cryptolocker Samples
Loads dropped DLL
Checks computer location settings
Executes dropped EXE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 03:31
Signatures
Detection of CryptoLocker Variants
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detection of Cryptolocker Samples
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 03:31
Reported
2024-06-13 03:34
Platform
win7-20231129-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detection of CryptoLocker Variants
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detection of Cryptolocker Samples
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\misid.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-13_4568ba52fc5b80a78838340ba159a9a1_cryptolocker.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1276 wrote to memory of 3008 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-13_4568ba52fc5b80a78838340ba159a9a1_cryptolocker.exe | C:\Users\Admin\AppData\Local\Temp\misid.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_4568ba52fc5b80a78838340ba159a9a1_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_4568ba52fc5b80a78838340ba159a9a1_cryptolocker.exe"
C:\Users\Admin\AppData\Local\Temp\misid.exe
"C:\Users\Admin\AppData\Local\Temp\misid.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bestccc.com | udp |
| IN | 103.91.187.97:443 | bestccc.com | tcp |
| IN | 103.91.187.97:443 | | tcp |
Files
memory/1276-1-0x0000000000270000-0x0000000000276000-memory.dmp
memory/1276-0-0x0000000000230000-0x0000000000236000-memory.dmp
memory/1276-8-0x0000000000230000-0x0000000000236000-memory.dmp
\Users\Admin\AppData\Local\Temp\misid.exe
| MD5 | d3a87c075cb24a008aa0095906dcc306 |
| SHA1 | d3451b90efca1b2a91ac834352cd3064606f8c8e |
| SHA256 | 0cc35e17ddb65d239339961b2b5ed5ceb98875e498a15886587a2e22dfdde602 |
| SHA512 | 48a18f4c8b7215c02f101bd89df529068f5f700c450e682ecfe29f6ebc111e2dc0e9d74efaa13141658c7598b785a48f0b414a9afe45288fa455bd323ab06d32 |
memory/3008-22-0x0000000000490000-0x0000000000496000-memory.dmp
memory/3008-15-0x00000000004D0000-0x00000000004D6000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 03:31
Reported
2024-06-13 03:34
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detection of CryptoLocker Variants
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detection of Cryptolocker Samples
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2024-06-13_4568ba52fc5b80a78838340ba159a9a1_cryptolocker.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\misid.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3096 wrote to memory of 4408 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-13_4568ba52fc5b80a78838340ba159a9a1_cryptolocker.exe | C:\Users\Admin\AppData\Local\Temp\misid.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_4568ba52fc5b80a78838340ba159a9a1_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_4568ba52fc5b80a78838340ba159a9a1_cryptolocker.exe"
C:\Users\Admin\AppData\Local\Temp\misid.exe
"C:\Users\Admin\AppData\Local\Temp\misid.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1304,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=4456 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bestccc.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/3096-0-0x00000000006B0000-0x00000000006B6000-memory.dmp
memory/3096-2-0x0000000002080000-0x0000000002086000-memory.dmp
memory/3096-8-0x00000000006B0000-0x00000000006B6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\misid.exe
| MD5 | d3a87c075cb24a008aa0095906dcc306 |
| SHA1 | d3451b90efca1b2a91ac834352cd3064606f8c8e |
| SHA256 | 0cc35e17ddb65d239339961b2b5ed5ceb98875e498a15886587a2e22dfdde602 |
| SHA512 | 48a18f4c8b7215c02f101bd89df529068f5f700c450e682ecfe29f6ebc111e2dc0e9d74efaa13141658c7598b785a48f0b414a9afe45288fa455bd323ab06d32 |
memory/4408-23-0x00000000006C0000-0x00000000006C6000-memory.dmp