7161de4113399ba7d91160214b441041c7c828095d6b0cb6cdc57d312679a289

Analysis

max time kernel
144s
max time network
154s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 08:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-14_f402cafba10d0e2be96fdf78d0429b57_cryptolocker.exe
Size

86KB
MD5

f402cafba10d0e2be96fdf78d0429b57
SHA1

72881e621405d112ba02aef6d774ff40f1e864bb
SHA256

7161de4113399ba7d91160214b441041c7c828095d6b0cb6cdc57d312679a289
SHA512

73e8421d9c523e35019fabc6fa1cce870491186a9f57c789db4f107dd5beb020e0de84062253a4daf2de6cbd329e6e4b297a941a9ee0790d0b7c2195866dd341
SSDEEP

1536:Tj+jsMQMOtEvwDpj5HmpJpOUHECgNMo0vp2EMMrC+35:TCjsIOtEvwDpj5HE/OUHnSM/

Score

9^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 5 IoCs

resource	yara_rule
behavioral1/memory/2208-0-0x0000000000500000-0x000000000050E000-memory.dmp	CryptoLocker_rule2
behavioral1/files/0x000a0000000122ec-11.dat	CryptoLocker_rule2
behavioral1/memory/2208-15-0x0000000000500000-0x000000000050E000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/2192-16-0x0000000000500000-0x000000000050E000-memory.dmp	CryptoLocker_rule2
behavioral1/memory/2192-26-0x0000000000500000-0x000000000050E000-memory.dmp	CryptoLocker_rule2

Detection of Cryptolocker Samples 5 IoCs

resource	yara_rule
behavioral1/memory/2208-0-0x0000000000500000-0x000000000050E000-memory.dmp	CryptoLocker_set1
behavioral1/files/0x000a0000000122ec-11.dat	CryptoLocker_set1
behavioral1/memory/2208-15-0x0000000000500000-0x000000000050E000-memory.dmp	CryptoLocker_set1
behavioral1/memory/2192-16-0x0000000000500000-0x000000000050E000-memory.dmp	CryptoLocker_set1
behavioral1/memory/2192-26-0x0000000000500000-0x000000000050E000-memory.dmp	CryptoLocker_set1

Executes dropped EXE 1 IoCs

pid	Process
2192	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2208	2024-06-14_f402cafba10d0e2be96fdf78d0429b57_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2192	2208	2024-06-14_f402cafba10d0e2be96fdf78d0429b57_cryptolocker.exe	28
PID 2208 wrote to memory of 2192	2208	2024-06-14_f402cafba10d0e2be96fdf78d0429b57_cryptolocker.exe	28
PID 2208 wrote to memory of 2192	2208	2024-06-14_f402cafba10d0e2be96fdf78d0429b57_cryptolocker.exe	28
PID 2208 wrote to memory of 2192	2208	2024-06-14_f402cafba10d0e2be96fdf78d0429b57_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-06-14_f402cafba10d0e2be96fdf78d0429b57_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-14_f402cafba10d0e2be96fdf78d0429b57_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
86KB

MD5
c60095de1ba4bb55de6e39bb569a9ce0

SHA1
3817f6f726cf8f8394eaa75f6d3649005e7ef323

SHA256
52d6787a30bbf092757f698612c1465217d9c2e5bef185f12af097a4c6badbbc

SHA512
7de228550708daee07316df2ef33ede19ea88b10e8afe4709ddb8be9be1a14958950d966e816e7d978d9f95990732e34209ecbf81453214095b325547c537f15

Download Submit
memory/2192-16-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2192-18-0x0000000000350000-0x0000000000356000-memory.dmp

Filesize
24KB

Download
memory/2192-25-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2192-26-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2208-0-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2208-1-0x00000000004E0000-0x00000000004E6000-memory.dmp

Filesize
24KB

Download
memory/2208-2-0x0000000001CA0000-0x0000000001CA6000-memory.dmp

Filesize
24KB

Download
memory/2208-9-0x00000000004E0000-0x00000000004E6000-memory.dmp

Filesize
24KB

Download
memory/2208-15-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download