8e876ee87659e17e3f7225c8b409337b71dd5fe24cc025cba630a66f1fec62b5

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2023, 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8cffb8ad46ac49dda884f1f15a9ed48f_cryptolocker_JC.exe
Size

32KB
MD5

8cffb8ad46ac49dda884f1f15a9ed48f
SHA1

7ee412e2a845fe290d714a5668b94602a09130d2
SHA256

8e876ee87659e17e3f7225c8b409337b71dd5fe24cc025cba630a66f1fec62b5
SHA512

feccb17f8ddba941f52974759e639eef5546d0b01e323f4b4c236b42b372d78855ea65542e6ee72db99a95077ffd71b771d6cb68eda748f56f23e1ed97b84cd1
SSDEEP

384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf0wVIspv:bgX4zYcgTEu6QOaryfjqDDwv

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4976	hasfj.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 4976	4572	8cffb8ad46ac49dda884f1f15a9ed48f_cryptolocker_JC.exe	83
PID 4572 wrote to memory of 4976	4572	8cffb8ad46ac49dda884f1f15a9ed48f_cryptolocker_JC.exe	83
PID 4572 wrote to memory of 4976	4572	8cffb8ad46ac49dda884f1f15a9ed48f_cryptolocker_JC.exe	83

C:\Users\Admin\AppData\Local\Temp\8cffb8ad46ac49dda884f1f15a9ed48f_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\8cffb8ad46ac49dda884f1f15a9ed48f_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:4976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
32KB

MD5
9f9e323816c604fb05877bfefd6af3df

SHA1
e9d54a77c6c1d9f1eca0b9b6e2e3ba11401bf459

SHA256
cc6edbe55e42ed6d2c21fb0369ee8451ee82432f8ddb125c964ef1e3d4d5914f

SHA512
8c340a40a1c72d10bd3bc2a524ac33522763d69b5e722bcb6e9197d3485a202d40998ef149dc3f36fb69061285a3c7dfe00b551fb4331c50745dd7c34f7443e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
32KB

MD5
9f9e323816c604fb05877bfefd6af3df

SHA1
e9d54a77c6c1d9f1eca0b9b6e2e3ba11401bf459

SHA256
cc6edbe55e42ed6d2c21fb0369ee8451ee82432f8ddb125c964ef1e3d4d5914f

SHA512
8c340a40a1c72d10bd3bc2a524ac33522763d69b5e722bcb6e9197d3485a202d40998ef149dc3f36fb69061285a3c7dfe00b551fb4331c50745dd7c34f7443e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
32KB

MD5
9f9e323816c604fb05877bfefd6af3df

SHA1
e9d54a77c6c1d9f1eca0b9b6e2e3ba11401bf459

SHA256
cc6edbe55e42ed6d2c21fb0369ee8451ee82432f8ddb125c964ef1e3d4d5914f

SHA512
8c340a40a1c72d10bd3bc2a524ac33522763d69b5e722bcb6e9197d3485a202d40998ef149dc3f36fb69061285a3c7dfe00b551fb4331c50745dd7c34f7443e5

Download Submit
memory/4572-133-0x0000000002250000-0x0000000002256000-memory.dmp

Filesize
24KB

Download
memory/4572-134-0x0000000002250000-0x0000000002256000-memory.dmp

Filesize
24KB

Download
memory/4572-135-0x0000000003150000-0x0000000003156000-memory.dmp

Filesize
24KB

Download
memory/4976-151-0x0000000002090000-0x0000000002096000-memory.dmp

Filesize
24KB

Download
memory/4976-150-0x0000000002ED0000-0x0000000002ED6000-memory.dmp

Filesize
24KB

Download