c9546216bedc7da81e2408d4a3bc1d969da4e1fe9fcd42cec2c37fabc74ddc92

Analysis

max time kernel
1s
max time network
7s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04/08/2023, 15:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5a2b23291d74c2353922c0a523f6dd82_cryptolocker_JC.exe
Size

118KB
MD5

5a2b23291d74c2353922c0a523f6dd82
SHA1

534e51bea61033e665a3f5bbabb68ac8a37b1741
SHA256

c9546216bedc7da81e2408d4a3bc1d969da4e1fe9fcd42cec2c37fabc74ddc92
SHA512

2e700a21eebb8b7fc2cd6cb0e3ab90c0907d70743444d07092bcef6b809019f0270e46ca2c1e0c6295633ad1ff0ce60b03efe15a00af5c701543bb45a5292bd2
SSDEEP

1536:z6QFElP6n+gKmddpMOtEvwDpj3GYQbN/PKwNgpQbCJjV:z6a+CdOOtEvwDpjczK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/116-133-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral2/files/0x00080000000231f8-146.dat	upx
behavioral2/files/0x00080000000231f8-148.dat	upx
behavioral2/files/0x00080000000231f8-149.dat	upx
behavioral2/memory/116-151-0x0000000000500000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\5a2b23291d74c2353922c0a523f6dd82_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\5a2b23291d74c2353922c0a523f6dd82_cryptolocker_JC.exe"
1⤵
PID:116
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  PID:4964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
119KB

MD5
2d1cb996c32271db1409830c0d4148c3

SHA1
a654575cd8adade7b525394386b979eda947c351

SHA256
3a177199353883c47eb6acc48741b75f018d5058c649cbb171b3ec4606d2a001

SHA512
8a7d849fa4d902fc1c4a5e953047af831eb88795042fa0a7cdd5071f7ca08b6a596893262005ce68b2ebd346184923e8474c3ef205cf5fd28615c92004b57734

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
119KB

MD5
2d1cb996c32271db1409830c0d4148c3

SHA1
a654575cd8adade7b525394386b979eda947c351

SHA256
3a177199353883c47eb6acc48741b75f018d5058c649cbb171b3ec4606d2a001

SHA512
8a7d849fa4d902fc1c4a5e953047af831eb88795042fa0a7cdd5071f7ca08b6a596893262005ce68b2ebd346184923e8474c3ef205cf5fd28615c92004b57734

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
119KB

MD5
2d1cb996c32271db1409830c0d4148c3

SHA1
a654575cd8adade7b525394386b979eda947c351

SHA256
3a177199353883c47eb6acc48741b75f018d5058c649cbb171b3ec4606d2a001

SHA512
8a7d849fa4d902fc1c4a5e953047af831eb88795042fa0a7cdd5071f7ca08b6a596893262005ce68b2ebd346184923e8474c3ef205cf5fd28615c92004b57734

Download Submit
memory/116-133-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/116-134-0x00000000005F0000-0x00000000005F6000-memory.dmp

Filesize
24KB

Download
memory/116-135-0x00000000005F0000-0x00000000005F6000-memory.dmp

Filesize
24KB

Download
memory/116-136-0x00000000021B0000-0x00000000021B6000-memory.dmp

Filesize
24KB

Download
memory/116-151-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download