Analysis
max time kernel
12s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted
07/11/2024, 22:21
Behavioral task
behavioral1
Sample
IndrasLock.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
IndrasLock.exe
Resource
win10v2004-20241007-en
General
-
Target
IndrasLock.exe
-
Size
120.6MB
-
MD5
fb2cab1db6333ccca939de6c56b90dbe
-
SHA1
7a805d3639f3c9fd06167a976b30675ffdecfedd
-
SHA256
20114329e2e82ffee6e51a8e39df132a4c4cbdf3a8b74b16b85b7b5626f6d76a
-
SHA512
3779d0b5646747dc18538eb26404b1df9d3c84847a5d3b217c3f9d7e87da8b45fac51954079b047177df9849d8981c593f2e83133826b4e1390956d86ee81fa4
-
SSDEEP
3145728:YzoRRxEo53x2rm9BIbqrWd62z/ei3Mlqt8h3FkX:Y2R/53xhydd62zWiclazX
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid    Process
1236   IndrasLock.exe
Suspicious use of WriteProcessMemory 3 IoCs
description                        pid    Process          procid_target
PID 2400 wrote to memory of 1236   2400   IndrasLock.exe   30
PID 2400 wrote to memory of 1236   2400   IndrasLock.exe   30
PID 2400 wrote to memory of 1236   2400   IndrasLock.exe   30
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
5.8MB
MD5
b9de917b925dd246b709bb4233777efd
SHA1
775f258d8b530c6ea9f0dd3d1d0b61c1948c25d2
SHA256
0c0a66505093b6a4bb3475f716bd3d9552095776f6a124709c13b3f9552c7d99
SHA512
f4bf3398f50fdd3ab7e3f02c1f940b4c8b5650ed7af16c626ccd1b934053ba73a35f96da03b349c1eb614bb23e0bc6b5cc58b07b7553a5c93c6d23124f324a33