Overview

overview

7

Static

static

7

2fc106db62...JC.exe

windows7-x64

7

2fc106db62...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    01/08/2023, 16:23 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2fc106db62fce61bc453e2bdfc9cfc6a_cryptolocker_JC.exe

  • Size

    59KB

  • MD5

    2fc106db62fce61bc453e2bdfc9cfc6a

  • SHA1

    31f47a275b90acfc94882bfcd3c3bea27e83a4cb

  • SHA256

    ab2be5d3a99b7f67c763f30f1938920fa4ddb42893ecffe3bc9c951cb7131000

  • SHA512

    eb094756509e1ecf6ee7d72cea26809f22443d7a248310480952445453d28ed65e3ab19d2deaea28c3e7ccb30a01d7f42f128c3330574055297e0f0010744cd3

  • SSDEEP

    768:z6LsoEEeegiZPvEhHSG+gzum/kLyMro2GtOOtEvwDpj/YMLam5aFr7YOzR82:z6QFElP6n+gKmddpMOtEvwDpj9aYaFAk

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fc106db62fce61bc453e2bdfc9cfc6a_cryptolocker_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc106db62fce61bc453e2bdfc9cfc6a_cryptolocker_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1580

Network

  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
    Response
    emrlogistics.com
    IN CNAME
    traff-1.hugedomains.com
    traff-1.hugedomains.com
    IN CNAME
    hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com
    hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com
    IN A
    54.209.32.212
    hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com
    IN A
    52.71.57.184
  • 54.209.32.212:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 52.71.57.184:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 54.209.32.212:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 52.71.57.184:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 54.209.32.212:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 52.71.57.184:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 54.209.32.212:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    62 B
     192 B
     1
    1

    DNS Request

    emrlogistics.com

    DNS Response

    54.209.32.212
    52.71.57.184

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    59KB

    MD5

    1f0c73430768f151128c9c694669cec7

    SHA1

    92bf5a91c7532a59809fc5d3fac76e3bdf6bdb06

    SHA256

    8aebb392237f12963d6162fe2acd4c75b3d422d37fb3a91a105bcdf83d829f6c

    SHA512

    3bb8d54022235d989810141f145663b74ca5e458913f217d986e956f60d1a16af1ee4d7f53875f318eb6d4d5b808a45b79b88742ac8e31d73bfb1e61c5fd5258

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    59KB

    MD5

    1f0c73430768f151128c9c694669cec7

    SHA1

    92bf5a91c7532a59809fc5d3fac76e3bdf6bdb06

    SHA256

    8aebb392237f12963d6162fe2acd4c75b3d422d37fb3a91a105bcdf83d829f6c

    SHA512

    3bb8d54022235d989810141f145663b74ca5e458913f217d986e956f60d1a16af1ee4d7f53875f318eb6d4d5b808a45b79b88742ac8e31d73bfb1e61c5fd5258

    Download Submit

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    59KB

    MD5

    1f0c73430768f151128c9c694669cec7

    SHA1

    92bf5a91c7532a59809fc5d3fac76e3bdf6bdb06

    SHA256

    8aebb392237f12963d6162fe2acd4c75b3d422d37fb3a91a105bcdf83d829f6c

    SHA512

    3bb8d54022235d989810141f145663b74ca5e458913f217d986e956f60d1a16af1ee4d7f53875f318eb6d4d5b808a45b79b88742ac8e31d73bfb1e61c5fd5258

    Download Submit

  • memory/1580-73-0x0000000000430000-0x0000000000436000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1580-70-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1580-81-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2080-56-0x0000000000460000-0x0000000000466000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2080-68-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2080-55-0x00000000002D0000-0x00000000002D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2080-69-0x0000000001FE0000-0x0000000001FF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2080-53-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2080-54-0x00000000002D0000-0x00000000002D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2080-80-0x0000000001FE0000-0x0000000001FF0000-memory.dmp

    Filesize

    64KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.