Overview

overview

7

Static

static

3

4ef10628f9...JC.exe

windows7-x64

7

4ef10628f9...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-08-2023 16:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4ef10628f94483fd98ddd1a6ce29362d_cryptolocker_JC.exe

  • Size

    33KB

  • MD5

    4ef10628f94483fd98ddd1a6ce29362d

  • SHA1

    b509ac6c3faa069c0d94439f69f9ea34cf197370

  • SHA256

    cc4e2bbc97b408399c4ca385b56a743d00d76a6fec1e591449519de5d28027a3

  • SHA512

    4f0afa5a22718f6525f9dbbb366438f41d3b1a905402ccd9e9bbcab1043c4eea97867a0b20e9d4fe4a8ca3229dc29d7abc46be9d78696264090acac4991368fa

  • SSDEEP

    384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf6XT+PM03:bgX4zYcgTEu6QOaryfjqDlCE03

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ef10628f94483fd98ddd1a6ce29362d_cryptolocker_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4ef10628f94483fd98ddd1a6ce29362d_cryptolocker_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3844
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:4988

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    33KB

    MD5

    4e6d6854ffe0199e3ba4162713ff58f0

    SHA1

    d2f084882e14240cf6296e71745c0af437dfd6f4

    SHA256

    c4ec616f6955e1299123d8aa32fa1acf80c426f856cf6e90755fa63fb9f0e226

    SHA512

    31e601f16705e636fd4c2b6e860b79e145c78ab6e90be6e1f9123aa9f7d46e84b1fe9eeb22dbf02ba791df51d5066cdb6675732018070a4b45ea3e822334a10e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    33KB

    MD5

    4e6d6854ffe0199e3ba4162713ff58f0

    SHA1

    d2f084882e14240cf6296e71745c0af437dfd6f4

    SHA256

    c4ec616f6955e1299123d8aa32fa1acf80c426f856cf6e90755fa63fb9f0e226

    SHA512

    31e601f16705e636fd4c2b6e860b79e145c78ab6e90be6e1f9123aa9f7d46e84b1fe9eeb22dbf02ba791df51d5066cdb6675732018070a4b45ea3e822334a10e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    33KB

    MD5

    4e6d6854ffe0199e3ba4162713ff58f0

    SHA1

    d2f084882e14240cf6296e71745c0af437dfd6f4

    SHA256

    c4ec616f6955e1299123d8aa32fa1acf80c426f856cf6e90755fa63fb9f0e226

    SHA512

    31e601f16705e636fd4c2b6e860b79e145c78ab6e90be6e1f9123aa9f7d46e84b1fe9eeb22dbf02ba791df51d5066cdb6675732018070a4b45ea3e822334a10e

    Download Submit

  • memory/3844-133-0x0000000002120000-0x0000000002126000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3844-134-0x0000000002120000-0x0000000002126000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3844-135-0x0000000003010000-0x0000000003016000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4988-150-0x0000000002D60000-0x0000000002D66000-memory.dmp

    Filesize

    24KB

    Download