Analysis

  • max time kernel
    136s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/08/2023, 13:22

General

  • Target

    713f24a5ebac12af93f76df3620d4516_cryptolocker_JC.exe

  • Size

    28KB

  • MD5

    713f24a5ebac12af93f76df3620d4516

  • SHA1

    9123882b022a417b2b72336995a72a2a8daf1301

  • SHA256

    d66c2f92499fb5202dbd3404d988318768deffa0b674f3aa6c8fb3d3b48c4045

  • SHA512

    22903643a2a2bab1fc1bccd6d97f57ec9eeb3079df1971a3c82a6e3e8fee7fcaab11a37b6e33316f787bb47f7fdee3530968a9043761d2684a49897740a95c2f

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjB9I:X6QFElP6n+gJQMOtEvwDpjBW

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\713f24a5ebac12af93f76df3620d4516_cryptolocker_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\713f24a5ebac12af93f76df3620d4516_cryptolocker_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1616

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    28KB

    MD5

    effb2835b129b1bf690bde04d4406cf9

    SHA1

    b72f568af2f3b9855f08d93ac908c009ea0ed9f1

    SHA256

    97fa6b77ef21031986306d5c4764b8fe344b15da08baf0ae83c3463f1d061777

    SHA512

    b576b9e51fdba76e02b9eca47eeaa248ff0cec0c51ae7dec53acc05627522be27f242b3af6cea88e9bc25763d90c5ce5243f1cfedbf0126f6428b51afef1ac38

  • \Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    28KB

    MD5

    effb2835b129b1bf690bde04d4406cf9

    SHA1

    b72f568af2f3b9855f08d93ac908c009ea0ed9f1

    SHA256

    97fa6b77ef21031986306d5c4764b8fe344b15da08baf0ae83c3463f1d061777

    SHA512

    b576b9e51fdba76e02b9eca47eeaa248ff0cec0c51ae7dec53acc05627522be27f242b3af6cea88e9bc25763d90c5ce5243f1cfedbf0126f6428b51afef1ac38

  • memory/1616-69-0x00000000003B0000-0x00000000003B6000-memory.dmp

    Filesize

    24KB

  • memory/1616-70-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

  • memory/2340-54-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

  • memory/2340-56-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

  • memory/2340-55-0x0000000000270000-0x0000000000276000-memory.dmp

    Filesize

    24KB
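The report gives three things a responder can act on: the hashes of the sample and of the dropped asih.exe, a parent-in-%TEMP% spawning a child-in-%TEMP% process chain, and memory dump names that encode the dumped address range. The script below is an added example, not part of the sandbox output, showing how to check those data points: it decodes the dump names and confirms the 24KB figures, hashes a file with the same four digests the report lists, and runs a temp-to-temp spawn check over a few constructed Sysmon-style process events that mirror the process tree (the parent PID 1000 and the notepad.exe event are invented for the test; only the two sandbox PIDs, paths and SHA256 values come from the report).

```python
"""Triage helpers for the dropped-EXE chain in this sandbox report (added example)."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Indicators copied from the report above.
SAMPLE_SHA256 = "d66c2f92499fb5202dbd3404d988318768deffa0b674f3aa6c8fb3d3b48c4045"
DROPPED_SHA256 = "97fa6b77ef21031986306d5c4764b8fe344b15da08baf0ae83c3463f1d061777"
KNOWN_BAD = {SAMPLE_SHA256, DROPPED_SHA256}

# Dump names in the report look like memory/<pid>-<seq>-0x<base>-0x<end>-memory.dmp
MEM_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<base>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_memory_dump(name: str) -> Dict[str, int]:
    """Decode a dump name into pid, sequence number, base, end and size in bytes."""
    m = MEM_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    base, end = int(m["base"], 16), int(m["end"], 16)
    if end <= base:
        raise ValueError(f"end {end:#x} is not above base {base:#x}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]), "base": base, "end": end, "size": end - base}


def size_matches(name: str, reported_kb: int) -> bool:
    """Check the report's 'Filesize' against the address range (the report's KB is 1024 bytes)."""
    return parse_memory_dump(name)["size"] == reported_kb * 1024


def hash_bytes(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256/SHA512 of a blob, the same digests the report lists per file."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256", "sha512")}


def hash_file(path: str) -> Dict[str, str]:
    """Hash a file on disk so it can be compared against the report's IoCs."""
    with open(path, "rb") as fh:
        return hash_bytes(fh.read())


def is_known_bad(digests: Dict[str, str]) -> bool:
    """True when the SHA256 matches the sample or the dropped asih.exe."""
    return digests["sha256"].lower() in KNOWN_BAD


# Matches C:\Users\<user>\AppData\Local\Temp\ with or without the drive letter,
# covering both path forms the report shows for asih.exe.
TEMP_DIR_RE = re.compile(r"^(?:[A-Za-z]:)?\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)


@dataclass
class ProcEvent:
    """Minimal process-creation record (Sysmon event ID 1 style); constructed for this example."""
    pid: int
    ppid: int
    image: str
    sha256: str = ""


def flag_temp_drop_chains(events: List[ProcEvent]) -> List[Tuple[int, int, str]]:
    """Flag a child running from %TEMP% whose parent also runs from %TEMP%.

    Returns (parent_pid, child_pid, reason); a known-bad child hash upgrades the reason.
    """
    by_pid = {e.pid: e for e in events}
    hits: List[Tuple[int, int, str]] = []
    for child in events:
        parent = by_pid.get(child.ppid)
        if parent is None:
            continue
        if TEMP_DIR_RE.match(parent.image) and TEMP_DIR_RE.match(child.image):
            reason = "known-bad hash" if child.sha256.lower() in KNOWN_BAD else "temp-to-temp spawn"
            hits.append((parent.pid, child.pid, reason))
    return hits


# Constructed events mirroring the report's process tree; ppid 1000 and notepad.exe are invented.
SAMPLE_EVENTS = [
    ProcEvent(2340, 1000, r"C:\Users\Admin\AppData\Local\Temp\713f24a5ebac12af93f76df3620d4516_cryptolocker_JC.exe", SAMPLE_SHA256),
    ProcEvent(1616, 2340, r"C:\Users\Admin\AppData\Local\Temp\asih.exe", DROPPED_SHA256),
    ProcEvent(3000, 1000, r"C:\Windows\System32\notepad.exe"),
]

if __name__ == "__main__":
    for name, kb in [
        ("memory/1616-69-0x00000000003B0000-0x00000000003B6000-memory.dmp", 24),
        ("memory/2340-54-0x0000000000240000-0x0000000000246000-memory.dmp", 24),
    ]:
        print(name, "size ok" if size_matches(name, kb) else "size MISMATCH")
    print(flag_temp_drop_chains(SAMPLE_EVENTS))
```

The temp-to-temp rule on its own is noisy (installers and updaters legitimately do this), which is why the hash match is carried as a separate reason: on a real host, feed `hash_file()` the path from the flagged event and treat a `KNOWN_BAD` hit as confirmed, and everything else as a lead to triage.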