3541ed62419f22169f4b7e8a7906c1ae8c618947dad1cb4f0afdceb90f50e907

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2023 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27cca96214de923cea31fb9ce6be8e91_cryptolocker_JC.exe
Size

82KB
MD5

27cca96214de923cea31fb9ce6be8e91
SHA1

187e78577bc1cb049453fe5e10fa4de6a55ab510
SHA256

3541ed62419f22169f4b7e8a7906c1ae8c618947dad1cb4f0afdceb90f50e907
SHA512

988b9d324f9511d492198f773dc235e5a1c1d776da2861d9f2111cbf2c95ffa79da0e0e2f3cf119a201031382aa556d6f49ea044b44316f758e4828463432b25
SSDEEP

1536:T6QFElP6n+gxmddpMOtEvwDpjwaxTNUOTm:T6a+rdOOtEvwDpjNG

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4872	asih.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4628-133-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral2/files/0x00060000000230c7-146.dat	upx
behavioral2/files/0x00060000000230c7-148.dat	upx
behavioral2/files/0x00060000000230c7-149.dat	upx
behavioral2/memory/4628-158-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral2/memory/4872-159-0x0000000000500000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4628 wrote to memory of 4872	4628	27cca96214de923cea31fb9ce6be8e91_cryptolocker_JC.exe	88
PID 4628 wrote to memory of 4872	4628	27cca96214de923cea31fb9ce6be8e91_cryptolocker_JC.exe	88
PID 4628 wrote to memory of 4872	4628	27cca96214de923cea31fb9ce6be8e91_cryptolocker_JC.exe	88

C:\Users\Admin\AppData\Local\Temp\27cca96214de923cea31fb9ce6be8e91_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\27cca96214de923cea31fb9ce6be8e91_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4628
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:4872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
82KB

MD5
4c7daa4140be9eb89244e2c1b2aa4e39

SHA1
48c0f2e2449e2162d5f795e4b00f695603be4e00

SHA256
7effea02845d32eac336744660e9b1734f857dacd7127c357943218e9cc7fc34

SHA512
fa8293e888a8ad1281c0a97e3d56af96f07b16b6ab8718fecda92a5bfa41d45333609e9a4495a0ca95e67cf8670a4d6d5021aa054a388453b37c7489fa2c18af

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
82KB

MD5
4c7daa4140be9eb89244e2c1b2aa4e39

SHA1
48c0f2e2449e2162d5f795e4b00f695603be4e00

SHA256
7effea02845d32eac336744660e9b1734f857dacd7127c357943218e9cc7fc34

SHA512
fa8293e888a8ad1281c0a97e3d56af96f07b16b6ab8718fecda92a5bfa41d45333609e9a4495a0ca95e67cf8670a4d6d5021aa054a388453b37c7489fa2c18af

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
82KB

MD5
4c7daa4140be9eb89244e2c1b2aa4e39

SHA1
48c0f2e2449e2162d5f795e4b00f695603be4e00

SHA256
7effea02845d32eac336744660e9b1734f857dacd7127c357943218e9cc7fc34

SHA512
fa8293e888a8ad1281c0a97e3d56af96f07b16b6ab8718fecda92a5bfa41d45333609e9a4495a0ca95e67cf8670a4d6d5021aa054a388453b37c7489fa2c18af

Download Submit
memory/4628-133-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/4628-134-0x0000000000620000-0x0000000000626000-memory.dmp

Filesize
24KB

Download
memory/4628-135-0x0000000000620000-0x0000000000626000-memory.dmp

Filesize
24KB

Download
memory/4628-136-0x0000000000650000-0x0000000000656000-memory.dmp

Filesize
24KB

Download
memory/4628-158-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/4872-151-0x00000000021D0000-0x00000000021D6000-memory.dmp

Filesize
24KB

Download
memory/4872-152-0x00000000020F0000-0x00000000020F6000-memory.dmp

Filesize
24KB

Download
memory/4872-159-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download