3e2e78a26d28590c6f7060634700475927158396b49c00b8cd1ad964b061c9fe

Analysis

max time kernel
134s
max time network
144s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
04/08/2023, 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c613f70660b170e7c8ee669b5ca17fa_cryptolocker_JC.exe
Size

64KB
MD5

5c613f70660b170e7c8ee669b5ca17fa
SHA1

a34ca419b66e9ce5d051fec3670bbe5c10ccc26f
SHA256

3e2e78a26d28590c6f7060634700475927158396b49c00b8cd1ad964b061c9fe
SHA512

327e3d6a039c6da4ef23ee0e8f6a89fffd7bbda0956a16dd032e8cf0745152656b9d98c5e90ea0d10947e9c109429e3af237dda142071188c55be396a2587d2d
SSDEEP

768:79inqyNR/QtOOtEvwDpjBK/iVTab3GRuv3VyldjsASh8yGuF:79mqyNhQMOtEvwDpjBPY7xv3gnQey/F

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
756	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2464	5c613f70660b170e7c8ee669b5ca17fa_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 756	2464	5c613f70660b170e7c8ee669b5ca17fa_cryptolocker_JC.exe	30
PID 2464 wrote to memory of 756	2464	5c613f70660b170e7c8ee669b5ca17fa_cryptolocker_JC.exe	30
PID 2464 wrote to memory of 756	2464	5c613f70660b170e7c8ee669b5ca17fa_cryptolocker_JC.exe	30
PID 2464 wrote to memory of 756	2464	5c613f70660b170e7c8ee669b5ca17fa_cryptolocker_JC.exe	30

C:\Users\Admin\AppData\Local\Temp\5c613f70660b170e7c8ee669b5ca17fa_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\5c613f70660b170e7c8ee669b5ca17fa_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
64KB

MD5
c1353a9585a9342a700bb28ecb101b01

SHA1
3518c37c30566a561a559b3117c1acaaa15fb5ac

SHA256
3f3dda97f6eccd1fb6bd7121d7da3c3de5082f58eafefb2bbbaebc7b8e69a507

SHA512
35b006eefe75aca8eaa3f129ea97158ec9b74176a8999de2f19f2528251b7ff31b7736c8f6fd02d4b5a38b1442a5292d2d9a782db49d3dbd23c53a3e118ae2c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
64KB

MD5
c1353a9585a9342a700bb28ecb101b01

SHA1
3518c37c30566a561a559b3117c1acaaa15fb5ac

SHA256
3f3dda97f6eccd1fb6bd7121d7da3c3de5082f58eafefb2bbbaebc7b8e69a507

SHA512
35b006eefe75aca8eaa3f129ea97158ec9b74176a8999de2f19f2528251b7ff31b7736c8f6fd02d4b5a38b1442a5292d2d9a782db49d3dbd23c53a3e118ae2c7

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
64KB

MD5
c1353a9585a9342a700bb28ecb101b01

SHA1
3518c37c30566a561a559b3117c1acaaa15fb5ac

SHA256
3f3dda97f6eccd1fb6bd7121d7da3c3de5082f58eafefb2bbbaebc7b8e69a507

SHA512
35b006eefe75aca8eaa3f129ea97158ec9b74176a8999de2f19f2528251b7ff31b7736c8f6fd02d4b5a38b1442a5292d2d9a782db49d3dbd23c53a3e118ae2c7

Download Submit
memory/756-72-0x00000000002F0000-0x00000000002F6000-memory.dmp

Filesize
24KB

Download
memory/756-70-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/756-79-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2464-53-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2464-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2464-56-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2464-55-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2464-66-0x0000000002800000-0x000000000280F000-memory.dmp

Filesize
60KB

Download
memory/2464-68-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download