aa260cfeaccb662e2c67d4d4c7f25c75f544dea904ea9450986a0e2752b441e4

Analysis

max time kernel
133s
max time network
143s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
05/08/2023, 13:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

747c746be93ade9f52aa596415658edd_cryptolocker_JC.exe
Size

38KB
MD5

747c746be93ade9f52aa596415658edd
SHA1

290be543c163b573cfe55b932505909ff8de9338
SHA256

aa260cfeaccb662e2c67d4d4c7f25c75f544dea904ea9450986a0e2752b441e4
SHA512

b3a052f06037207361fc89209dae7dc184b123c573a78a4f979132cbdc4fd43df927a14a67ea276182f17b242e0718a11e218e7c4aeb8e10a6770deedbe1d10c
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBVajSKm5uzOH7ch:X6QFElP6n+gJQMOtEvwDpjBcSKm5uGch

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2580	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1688	747c746be93ade9f52aa596415658edd_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2580	1688	747c746be93ade9f52aa596415658edd_cryptolocker_JC.exe	28
PID 1688 wrote to memory of 2580	1688	747c746be93ade9f52aa596415658edd_cryptolocker_JC.exe	28
PID 1688 wrote to memory of 2580	1688	747c746be93ade9f52aa596415658edd_cryptolocker_JC.exe	28
PID 1688 wrote to memory of 2580	1688	747c746be93ade9f52aa596415658edd_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\747c746be93ade9f52aa596415658edd_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\747c746be93ade9f52aa596415658edd_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
39KB

MD5
e7f68afd5a32bc20f285e68c6a124c33

SHA1
8fb7e0c744ee1bddd9722dee9da8e73c1fb2453f

SHA256
d696298496bc890c28a82abc9df8fab47b3becd4d2738f10ae7f5e137deb9630

SHA512
449d2da3b561cd0d7889df14b9807c7ff86178b88dda4ee6fe2f661d6c25716bf6959962e1321f8e70c787d721f6cb273dc066dc1572e6f7d7a866cce51d4a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
39KB

MD5
e7f68afd5a32bc20f285e68c6a124c33

SHA1
8fb7e0c744ee1bddd9722dee9da8e73c1fb2453f

SHA256
d696298496bc890c28a82abc9df8fab47b3becd4d2738f10ae7f5e137deb9630

SHA512
449d2da3b561cd0d7889df14b9807c7ff86178b88dda4ee6fe2f661d6c25716bf6959962e1321f8e70c787d721f6cb273dc066dc1572e6f7d7a866cce51d4a70

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
39KB

MD5
e7f68afd5a32bc20f285e68c6a124c33

SHA1
8fb7e0c744ee1bddd9722dee9da8e73c1fb2453f

SHA256
d696298496bc890c28a82abc9df8fab47b3becd4d2738f10ae7f5e137deb9630

SHA512
449d2da3b561cd0d7889df14b9807c7ff86178b88dda4ee6fe2f661d6c25716bf6959962e1321f8e70c787d721f6cb273dc066dc1572e6f7d7a866cce51d4a70

Download Submit
memory/1688-54-0x0000000000440000-0x0000000000446000-memory.dmp

Filesize
24KB

Download
memory/1688-56-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download
memory/1688-55-0x0000000000440000-0x0000000000446000-memory.dmp

Filesize
24KB

Download
memory/2580-69-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2580-70-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download