f3db17f8138231edfb2c345cb347b4735fef859ea881b1adf2009cc9697dc64c

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
05-08-2023 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7419ebd595b50969e64a423c02b9bcdc_cryptolocker_JC.exe
Size

77KB
MD5

7419ebd595b50969e64a423c02b9bcdc
SHA1

d896cc1fb30cab2ad1db9e4cf2ef50a451727961
SHA256

f3db17f8138231edfb2c345cb347b4735fef859ea881b1adf2009cc9697dc64c
SHA512

121b755b8b35093a6d21eabf23d05a45ae9a3f27f7bccba377a477e0cba176099191ea05fd86ad44f23a04b452f7221759d04fc8a5c9885b79b29be931252d5d
SSDEEP

1536:P8mnK6QFElP6n+gymddpMOtEvwDpjIHsalDSwLJoshf:1nK6a+qdOOtEvwDpj2

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2296	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1152	7419ebd595b50969e64a423c02b9bcdc_cryptolocker_JC.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1152-54-0x0000000000500000-0x000000000050F311-memory.dmp	upx
behavioral1/memory/1152-68-0x0000000000500000-0x000000000050F311-memory.dmp	upx
behavioral1/files/0x0009000000012024-65.dat	upx
behavioral1/memory/2296-70-0x0000000000500000-0x000000000050F311-memory.dmp	upx
behavioral1/files/0x0009000000012024-69.dat	upx
behavioral1/files/0x0009000000012024-79.dat	upx
behavioral1/memory/2296-80-0x0000000000500000-0x000000000050F311-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 2296	1152	7419ebd595b50969e64a423c02b9bcdc_cryptolocker_JC.exe	28
PID 1152 wrote to memory of 2296	1152	7419ebd595b50969e64a423c02b9bcdc_cryptolocker_JC.exe	28
PID 1152 wrote to memory of 2296	1152	7419ebd595b50969e64a423c02b9bcdc_cryptolocker_JC.exe	28
PID 1152 wrote to memory of 2296	1152	7419ebd595b50969e64a423c02b9bcdc_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\7419ebd595b50969e64a423c02b9bcdc_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\7419ebd595b50969e64a423c02b9bcdc_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
77KB

MD5
06208c9bb0c313fc1193f10f5fb9de96

SHA1
48c5741500872d62aba7e8185cac94357ac20a99

SHA256
7250f5ef36a6b938327b26d52be5f5a4594a39a2974bddf6648afd22a0f59121

SHA512
6874866ace1b98da973a294587bc5147376f904965f5ec81307b3e5ac896c1e1a4f160a289c095fbf3ddb91081eb35723a89f388539120fe4a91c2567ca08a12

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
77KB

MD5
06208c9bb0c313fc1193f10f5fb9de96

SHA1
48c5741500872d62aba7e8185cac94357ac20a99

SHA256
7250f5ef36a6b938327b26d52be5f5a4594a39a2974bddf6648afd22a0f59121

SHA512
6874866ace1b98da973a294587bc5147376f904965f5ec81307b3e5ac896c1e1a4f160a289c095fbf3ddb91081eb35723a89f388539120fe4a91c2567ca08a12

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
77KB

MD5
06208c9bb0c313fc1193f10f5fb9de96

SHA1
48c5741500872d62aba7e8185cac94357ac20a99

SHA256
7250f5ef36a6b938327b26d52be5f5a4594a39a2974bddf6648afd22a0f59121

SHA512
6874866ace1b98da973a294587bc5147376f904965f5ec81307b3e5ac896c1e1a4f160a289c095fbf3ddb91081eb35723a89f388539120fe4a91c2567ca08a12

Download Submit
memory/1152-54-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download
memory/1152-55-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1152-57-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1152-56-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/1152-68-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download
memory/2296-70-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download
memory/2296-72-0x0000000000440000-0x0000000000446000-memory.dmp

Filesize
24KB

Download
memory/2296-73-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download
memory/2296-80-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download