9ed438fa14d66d47041d06cc666cf4ffb67daa8aace45f621a907281d352d515

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
02-08-2023 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d7775fb1ebc762c4e3d2a7b202f39b8_cryptolocker_JC.exe
Size

64KB
MD5

3d7775fb1ebc762c4e3d2a7b202f39b8
SHA1

7e42e8207fa26d8c331821dee3dce876e2de12a3
SHA256

9ed438fa14d66d47041d06cc666cf4ffb67daa8aace45f621a907281d352d515
SHA512

cc5d1ab98b78684c669f94f978eefeea74399a9eec03ecf483711385ae0c455f3b93d1137d1166f0376fbf369dd6d725d1e5f790415df366abcb163ef6c84b8c
SSDEEP

768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpj/MLa5VccPtI6PMeK5:V6QFElP6n+gMQMOtEvwDpjyaLccVY5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2928	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 2928	2820	3d7775fb1ebc762c4e3d2a7b202f39b8_cryptolocker_JC.exe	85
PID 2820 wrote to memory of 2928	2820	3d7775fb1ebc762c4e3d2a7b202f39b8_cryptolocker_JC.exe	85
PID 2820 wrote to memory of 2928	2820	3d7775fb1ebc762c4e3d2a7b202f39b8_cryptolocker_JC.exe	85

C:\Users\Admin\AppData\Local\Temp\3d7775fb1ebc762c4e3d2a7b202f39b8_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\3d7775fb1ebc762c4e3d2a7b202f39b8_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
64KB

MD5
e7a986d8a1872d4ee243039b9782682c

SHA1
29ce6329e3537426665611f9a13e8de9f5622ed6

SHA256
9df941614a3194d23cd4e42388483eab0687093b80d1bf5f2236c7ec982f3719

SHA512
066b53e370bb200894833a9e0c743072dfbfc910474d9b1dacf518b0fa5c3a8d73ac5a8e51c5a5ac540ea00393821cfa610555001f6d1776df84ca731caad208

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
64KB

MD5
e7a986d8a1872d4ee243039b9782682c

SHA1
29ce6329e3537426665611f9a13e8de9f5622ed6

SHA256
9df941614a3194d23cd4e42388483eab0687093b80d1bf5f2236c7ec982f3719

SHA512
066b53e370bb200894833a9e0c743072dfbfc910474d9b1dacf518b0fa5c3a8d73ac5a8e51c5a5ac540ea00393821cfa610555001f6d1776df84ca731caad208

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
64KB

MD5
e7a986d8a1872d4ee243039b9782682c

SHA1
29ce6329e3537426665611f9a13e8de9f5622ed6

SHA256
9df941614a3194d23cd4e42388483eab0687093b80d1bf5f2236c7ec982f3719

SHA512
066b53e370bb200894833a9e0c743072dfbfc910474d9b1dacf518b0fa5c3a8d73ac5a8e51c5a5ac540ea00393821cfa610555001f6d1776df84ca731caad208

Download Submit
memory/2820-133-0x0000000002060000-0x0000000002066000-memory.dmp

Filesize
24KB

Download
memory/2820-134-0x0000000002060000-0x0000000002066000-memory.dmp

Filesize
24KB

Download
memory/2820-135-0x0000000002090000-0x0000000002096000-memory.dmp

Filesize
24KB

Download
memory/2928-151-0x00000000006A0000-0x00000000006A6000-memory.dmp

Filesize
24KB

Download
memory/2928-150-0x00000000007D0000-0x00000000007D6000-memory.dmp

Filesize
24KB

Download