a5fbaef3e49025d2bbfd2a1b3807fcd635671641223b43c9dd7826df6323bf3e

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04-08-2023 16:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e879cc8ae2584029aa5e3010358d5c8_cryptolocker_JC.exe
Size

142KB
MD5

5e879cc8ae2584029aa5e3010358d5c8
SHA1

475aeca1325fad5a0f13cb30363ef336d953b93d
SHA256

a5fbaef3e49025d2bbfd2a1b3807fcd635671641223b43c9dd7826df6323bf3e
SHA512

27c5947fa04abb966886d165b170a47330f4ad3c1cb99ce1f134ea91f7724e8ccf54bf0efd974fd2d221c3b4c86c736d4333dc9c9c4a28415aaa3ad026374fe1
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjQGYQbxGYQbxGYQbPlooNH:V6a+pOtEvwDpjt227

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3124	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 3124	3624	5e879cc8ae2584029aa5e3010358d5c8_cryptolocker_JC.exe	85
PID 3624 wrote to memory of 3124	3624	5e879cc8ae2584029aa5e3010358d5c8_cryptolocker_JC.exe	85
PID 3624 wrote to memory of 3124	3624	5e879cc8ae2584029aa5e3010358d5c8_cryptolocker_JC.exe	85

C:\Users\Admin\AppData\Local\Temp\5e879cc8ae2584029aa5e3010358d5c8_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\5e879cc8ae2584029aa5e3010358d5c8_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:3124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
142KB

MD5
36233fba8e6f1f8e97b8f0767316d926

SHA1
dc0817d1757463daa4828b232bf2114c97d8b7e2

SHA256
07a6deb21ae93c7328ecf1057c0e0fa7ebf7cf03f3025b427e97dfb9b4e9465b

SHA512
faf377589b73ba22f82d0c91b7ca4038bc721ff0bfb83f7b3ec8794b5af8f88794a560b900108256097e7999a29578c6809e9f14e0fee7ff3bd8e8fe4c4f36ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
142KB

MD5
36233fba8e6f1f8e97b8f0767316d926

SHA1
dc0817d1757463daa4828b232bf2114c97d8b7e2

SHA256
07a6deb21ae93c7328ecf1057c0e0fa7ebf7cf03f3025b427e97dfb9b4e9465b

SHA512
faf377589b73ba22f82d0c91b7ca4038bc721ff0bfb83f7b3ec8794b5af8f88794a560b900108256097e7999a29578c6809e9f14e0fee7ff3bd8e8fe4c4f36ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
142KB

MD5
36233fba8e6f1f8e97b8f0767316d926

SHA1
dc0817d1757463daa4828b232bf2114c97d8b7e2

SHA256
07a6deb21ae93c7328ecf1057c0e0fa7ebf7cf03f3025b427e97dfb9b4e9465b

SHA512
faf377589b73ba22f82d0c91b7ca4038bc721ff0bfb83f7b3ec8794b5af8f88794a560b900108256097e7999a29578c6809e9f14e0fee7ff3bd8e8fe4c4f36ca

Download Submit
memory/3124-150-0x00000000006D0000-0x00000000006D6000-memory.dmp

Filesize
24KB

Download
memory/3124-151-0x00000000006B0000-0x00000000006B6000-memory.dmp

Filesize
24KB

Download
memory/3624-133-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/3624-134-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/3624-135-0x00000000004F0000-0x00000000004F6000-memory.dmp

Filesize
24KB

Download