9896f819fae376d5eaf5ed32eea8375158b7b83a21d4c30f75c32ab240e2a2e4

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04-08-2023 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

657f2f317e99af126f1d8912df63feca_cryptolocker_JC.exe
Size

53KB
MD5

657f2f317e99af126f1d8912df63feca
SHA1

33435bd1f0d63145f6ae73231dccc8f475a8af0f
SHA256

9896f819fae376d5eaf5ed32eea8375158b7b83a21d4c30f75c32ab240e2a2e4
SHA512

21ce4c4695e3c22aeeb4053a0876938fe4a6a22d4b392629b8c90e968e8a48243fca5c8c3d31f1fa43dbcbc445f99b10af1502de15ad9eda1190f76539f79cbb
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjyaLccCKdulcS:V6a+pOtEvwDpjv9S

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2644	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1288 wrote to memory of 2644	1288	657f2f317e99af126f1d8912df63feca_cryptolocker_JC.exe	82
PID 1288 wrote to memory of 2644	1288	657f2f317e99af126f1d8912df63feca_cryptolocker_JC.exe	82
PID 1288 wrote to memory of 2644	1288	657f2f317e99af126f1d8912df63feca_cryptolocker_JC.exe	82

C:\Users\Admin\AppData\Local\Temp\657f2f317e99af126f1d8912df63feca_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\657f2f317e99af126f1d8912df63feca_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1288
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
53KB

MD5
4ac6fec95e64e4f82672acc81bc1f9d2

SHA1
b6b3a2bac5b1ae0e0a7f472069278572f6bb8391

SHA256
5aae56e78a28bcbe4ff44b8f9fc68b77e57a36e5b5257bdbb74ab8c62807fe0d

SHA512
6f528ee4637810095a02416bc6748a427b4a8c48869918fff3852bb3514d682f98b2e2e2fb1aeb3af5f2c32ff9dd8e1e3e6f262439b8fd5005d8c240844ed366

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
53KB

MD5
4ac6fec95e64e4f82672acc81bc1f9d2

SHA1
b6b3a2bac5b1ae0e0a7f472069278572f6bb8391

SHA256
5aae56e78a28bcbe4ff44b8f9fc68b77e57a36e5b5257bdbb74ab8c62807fe0d

SHA512
6f528ee4637810095a02416bc6748a427b4a8c48869918fff3852bb3514d682f98b2e2e2fb1aeb3af5f2c32ff9dd8e1e3e6f262439b8fd5005d8c240844ed366

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
53KB

MD5
4ac6fec95e64e4f82672acc81bc1f9d2

SHA1
b6b3a2bac5b1ae0e0a7f472069278572f6bb8391

SHA256
5aae56e78a28bcbe4ff44b8f9fc68b77e57a36e5b5257bdbb74ab8c62807fe0d

SHA512
6f528ee4637810095a02416bc6748a427b4a8c48869918fff3852bb3514d682f98b2e2e2fb1aeb3af5f2c32ff9dd8e1e3e6f262439b8fd5005d8c240844ed366

Download Submit
memory/1288-134-0x00000000005A0000-0x00000000005A6000-memory.dmp

Filesize
24KB

Download
memory/1288-133-0x00000000005A0000-0x00000000005A6000-memory.dmp

Filesize
24KB

Download
memory/1288-135-0x00000000005C0000-0x00000000005C6000-memory.dmp

Filesize
24KB

Download
memory/2644-151-0x00000000004E0000-0x00000000004E6000-memory.dmp

Filesize
24KB

Download
memory/2644-150-0x00000000005E0000-0x00000000005E6000-memory.dmp

Filesize
24KB

Download