2015-02-06 - TRAFFIC PATTERN CHANGE IN CRYPTOWALL 3.0 SAMPLE

ASSOCIATED FILES:
NOTES:
CHAIN OF EVENTS

TRAFFIC FROM THE INFECTED VM:
SNORT EVENTS

Signature hits from the Emerging Threats and ETPRO rulesets using Sguil on Security Onion (without ET POLICY or ET INFO events):
PRELIMINARY MALWARE ANALYSIS

MALWARE

File name: 2015-02-06-CryptoWall-3.0-sample.exe
File size: 220.1 KB (225341 bytes)
MD5 hash: b188a7a9de9c101aed6ecf075daf19f2
Detection ratio: 5 / 55
First submission: 2015-02-06 17:12:45 UTC
VirusTotal link: https://www.virustotal.com/en/file/74218a572992da05a1cb2a2ea155862ac280e2777ae902828071f7328beaa532/analysis/
Malwr link: https://malwr.com/analysis/ZGE5YmMwNTg4ZGNmNDVjMzgyMjQyNjI5ZDdlMzQwMmM/
SCREENSHOTS
FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.