Analysis
-
max time kernel
136s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
05/08/2023, 13:22
Static task
static1
Behavioral task
behavioral1
Sample
713f24a5ebac12af93f76df3620d4516_cryptolocker_JC.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
713f24a5ebac12af93f76df3620d4516_cryptolocker_JC.exe
Resource
win10v2004-20230703-en
General
-
Target
713f24a5ebac12af93f76df3620d4516_cryptolocker_JC.exe
-
Size
28KB
-
MD5
713f24a5ebac12af93f76df3620d4516
-
SHA1
9123882b022a417b2b72336995a72a2a8daf1301
-
SHA256
d66c2f92499fb5202dbd3404d988318768deffa0b674f3aa6c8fb3d3b48c4045
-
SHA512
22903643a2a2bab1fc1bccd6d97f57ec9eeb3079df1971a3c82a6e3e8fee7fcaab11a37b6e33316f787bb47f7fdee3530968a9043761d2684a49897740a95c2f
-
SSDEEP
768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjB9I:X6QFElP6n+gJQMOtEvwDpjBW
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 1616 asih.exe -
Loads dropped DLL 1 IoCs
pid Process 2340 713f24a5ebac12af93f76df3620d4516_cryptolocker_JC.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2340 wrote to memory of 1616 2340 713f24a5ebac12af93f76df3620d4516_cryptolocker_JC.exe 28 PID 2340 wrote to memory of 1616 2340 713f24a5ebac12af93f76df3620d4516_cryptolocker_JC.exe 28 PID 2340 wrote to memory of 1616 2340 713f24a5ebac12af93f76df3620d4516_cryptolocker_JC.exe 28 PID 2340 wrote to memory of 1616 2340 713f24a5ebac12af93f76df3620d4516_cryptolocker_JC.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\713f24a5ebac12af93f76df3620d4516_cryptolocker_JC.exe"C:\Users\Admin\AppData\Local\Temp\713f24a5ebac12af93f76df3620d4516_cryptolocker_JC.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2340 -
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
PID:1616
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
28KB
MD5effb2835b129b1bf690bde04d4406cf9
SHA1b72f568af2f3b9855f08d93ac908c009ea0ed9f1
SHA25697fa6b77ef21031986306d5c4764b8fe344b15da08baf0ae83c3463f1d061777
SHA512b576b9e51fdba76e02b9eca47eeaa248ff0cec0c51ae7dec53acc05627522be27f242b3af6cea88e9bc25763d90c5ce5243f1cfedbf0126f6428b51afef1ac38
-
Filesize
28KB
MD5effb2835b129b1bf690bde04d4406cf9
SHA1b72f568af2f3b9855f08d93ac908c009ea0ed9f1
SHA25697fa6b77ef21031986306d5c4764b8fe344b15da08baf0ae83c3463f1d061777
SHA512b576b9e51fdba76e02b9eca47eeaa248ff0cec0c51ae7dec53acc05627522be27f242b3af6cea88e9bc25763d90c5ce5243f1cfedbf0126f6428b51afef1ac38
-
Filesize
28KB
MD5effb2835b129b1bf690bde04d4406cf9
SHA1b72f568af2f3b9855f08d93ac908c009ea0ed9f1
SHA25697fa6b77ef21031986306d5c4764b8fe344b15da08baf0ae83c3463f1d061777
SHA512b576b9e51fdba76e02b9eca47eeaa248ff0cec0c51ae7dec53acc05627522be27f242b3af6cea88e9bc25763d90c5ce5243f1cfedbf0126f6428b51afef1ac38