22a4406cef353d7abb288c3e614f2a51b2a309f7d261195baabc1869ed307f57

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
01/08/2023, 16:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2eb5e104b40b0e9c7d5df18599d994cc_cryptolocker_JC.exe
Size

55KB
MD5

2eb5e104b40b0e9c7d5df18599d994cc
SHA1

755c3a56c88ddca32cdf821132746100bc20b329
SHA256

22a4406cef353d7abb288c3e614f2a51b2a309f7d261195baabc1869ed307f57
SHA512

b897dda58d4cb0d5d4e41f094495d8512cb7e03f7e3fc68619f1ad18003f07ad2ef390799d67f3f9fef3e7511186ab131f9fd5a99da9beaffec8766a1c0dd993
SSDEEP

1536:X6QFElP6n+gJQMOtEvwDpjBccD2RuoNmuBLLFJr:X6a+SOtEvwDpjBrO9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2196	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1136	2eb5e104b40b0e9c7d5df18599d994cc_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 2196	1136	2eb5e104b40b0e9c7d5df18599d994cc_cryptolocker_JC.exe	1
PID 1136 wrote to memory of 2196	1136	2eb5e104b40b0e9c7d5df18599d994cc_cryptolocker_JC.exe	1
PID 1136 wrote to memory of 2196	1136	2eb5e104b40b0e9c7d5df18599d994cc_cryptolocker_JC.exe	1
PID 1136 wrote to memory of 2196	1136	2eb5e104b40b0e9c7d5df18599d994cc_cryptolocker_JC.exe	1

C:\Users\Admin\AppData\Local\Temp\asih.exe
"C:\Users\Admin\AppData\Local\Temp\asih.exe"
1⤵
- Executes dropped EXE
PID:2196

C:\Users\Admin\AppData\Local\Temp\2eb5e104b40b0e9c7d5df18599d994cc_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2eb5e104b40b0e9c7d5df18599d994cc_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
55KB

MD5
8ee5c0c0529e8df4840d7ae9d6948318

SHA1
c16ade732ea8ee3668f14c004b1aa2996e1d25ed

SHA256
be8cc11a726038eae819c47739b5513695cb26249f9d72cd0a4d2bb37c7c7624

SHA512
bbb71681714f666ab3747e7283402a4a1eeaa9b4daedee5ce791ebe984121f84c5ba87e9d3fdf16d5969ae862004c5e1a05557ffe4346c23049c2f2a6cc26435

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
55KB

MD5
8ee5c0c0529e8df4840d7ae9d6948318

SHA1
c16ade732ea8ee3668f14c004b1aa2996e1d25ed

SHA256
be8cc11a726038eae819c47739b5513695cb26249f9d72cd0a4d2bb37c7c7624

SHA512
bbb71681714f666ab3747e7283402a4a1eeaa9b4daedee5ce791ebe984121f84c5ba87e9d3fdf16d5969ae862004c5e1a05557ffe4346c23049c2f2a6cc26435

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
55KB

MD5
8ee5c0c0529e8df4840d7ae9d6948318

SHA1
c16ade732ea8ee3668f14c004b1aa2996e1d25ed

SHA256
be8cc11a726038eae819c47739b5513695cb26249f9d72cd0a4d2bb37c7c7624

SHA512
bbb71681714f666ab3747e7283402a4a1eeaa9b4daedee5ce791ebe984121f84c5ba87e9d3fdf16d5969ae862004c5e1a05557ffe4346c23049c2f2a6cc26435

Download Submit
memory/1136-56-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download
memory/1136-55-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download
memory/1136-54-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download
memory/2196-69-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download