5bab35e4cad01f41fe258e2fa11438c700d784ce1a422b604d1ac0320d66fd73

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2023 16:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d585d884ba70d5fa1a7b61922c7d431_cryptolocker_JC.exe
Size

45KB
MD5

4d585d884ba70d5fa1a7b61922c7d431
SHA1

5f0386a52f6ecac7b2aaf208119286a8f6188702
SHA256

5bab35e4cad01f41fe258e2fa11438c700d784ce1a422b604d1ac0320d66fd73
SHA512

3158396e59ef44a7485f5cf8a74d6d28ef0c12418d167422b0fff1a93c39310a36f09ce88a15e17c6f90f26fd30d3bbe880c09cd7e55b34d3942263513e85128
SSDEEP

768:79inqyNR/QtOOtEvwDpjBKp1MiYPP/btp:79mqyNhQMOtEvwDpjBktYH3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1480	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 1480	2868	4d585d884ba70d5fa1a7b61922c7d431_cryptolocker_JC.exe	86
PID 2868 wrote to memory of 1480	2868	4d585d884ba70d5fa1a7b61922c7d431_cryptolocker_JC.exe	86
PID 2868 wrote to memory of 1480	2868	4d585d884ba70d5fa1a7b61922c7d431_cryptolocker_JC.exe	86

C:\Users\Admin\AppData\Local\Temp\4d585d884ba70d5fa1a7b61922c7d431_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\4d585d884ba70d5fa1a7b61922c7d431_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:1480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
45KB

MD5
701ec461cb3572911453c5e9c1ed1927

SHA1
c620aada1d67a0c8c46b1aff7a7da57093d53d74

SHA256
34eb97771b5ac35da6f0ffe1593ed76b70c467485ceebb46c0897126cb7f0769

SHA512
22bd8f39a6d956ae4e609c34086df519cb7ba6d0860738dd52ae076552f6dfad9eaedc2bd536359cae10f1221ae0f565547505aaf2e2376659304a11554ebffc

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
45KB

MD5
701ec461cb3572911453c5e9c1ed1927

SHA1
c620aada1d67a0c8c46b1aff7a7da57093d53d74

SHA256
34eb97771b5ac35da6f0ffe1593ed76b70c467485ceebb46c0897126cb7f0769

SHA512
22bd8f39a6d956ae4e609c34086df519cb7ba6d0860738dd52ae076552f6dfad9eaedc2bd536359cae10f1221ae0f565547505aaf2e2376659304a11554ebffc

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
45KB

MD5
701ec461cb3572911453c5e9c1ed1927

SHA1
c620aada1d67a0c8c46b1aff7a7da57093d53d74

SHA256
34eb97771b5ac35da6f0ffe1593ed76b70c467485ceebb46c0897126cb7f0769

SHA512
22bd8f39a6d956ae4e609c34086df519cb7ba6d0860738dd52ae076552f6dfad9eaedc2bd536359cae10f1221ae0f565547505aaf2e2376659304a11554ebffc

Download Submit
memory/1480-152-0x00000000006B0000-0x00000000006B6000-memory.dmp

Filesize
24KB

Download
memory/1480-153-0x00000000006D0000-0x00000000006D6000-memory.dmp

Filesize
24KB

Download
memory/1480-159-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2868-133-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2868-134-0x00000000006A0000-0x00000000006A6000-memory.dmp

Filesize
24KB

Download
memory/2868-135-0x00000000006A0000-0x00000000006A6000-memory.dmp

Filesize
24KB

Download
memory/2868-136-0x00000000020F0000-0x00000000020F6000-memory.dmp

Filesize
24KB

Download
memory/2868-150-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download