d95325792728d60a56150428595bbb0b70dce2d2a2c94a197300d05898e9c711

Analysis

max time kernel
130s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2023, 15:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8bfb568bf099f455af037f2e7ddaaa43_cryptolocker_JC.exe
Size

143KB
MD5

8bfb568bf099f455af037f2e7ddaaa43
SHA1

775119373c118fc3e30d6185d1e7f3baefcf3f8f
SHA256

d95325792728d60a56150428595bbb0b70dce2d2a2c94a197300d05898e9c711
SHA512

b11cdd1356c81015bf8e22a9b2a309b43f11afaf663da3f0da81959a9165046500b9c1322031f970978860e5a6027ccbe3c2d6b04397049e3f8a2c9ffc4d171f
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjQGYQbxGYQbxGYQbPlooHPPFdM:V6a+pOtEvwDpjt22W

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3844	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4264 wrote to memory of 3844	4264	8bfb568bf099f455af037f2e7ddaaa43_cryptolocker_JC.exe	80
PID 4264 wrote to memory of 3844	4264	8bfb568bf099f455af037f2e7ddaaa43_cryptolocker_JC.exe	80
PID 4264 wrote to memory of 3844	4264	8bfb568bf099f455af037f2e7ddaaa43_cryptolocker_JC.exe	80

C:\Users\Admin\AppData\Local\Temp\8bfb568bf099f455af037f2e7ddaaa43_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\8bfb568bf099f455af037f2e7ddaaa43_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4264
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:3844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
143KB

MD5
aea14a17588400b56011759545b1713e

SHA1
be5678f168f9a13ea818266b491cf4bc403a2a78

SHA256
f1af618afd939ff46a58afc8deea512e25fff0cb0e1329d58e5f0ed7a92cbc25

SHA512
0cf6fbaa9b93a8112175679cb6be58864497ffd1262c449ad7c01631250b58835a846021e87eade9455a439e7d67bf4f93109edb5d3f1dbfc56c93e0db0a6171

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
143KB

MD5
aea14a17588400b56011759545b1713e

SHA1
be5678f168f9a13ea818266b491cf4bc403a2a78

SHA256
f1af618afd939ff46a58afc8deea512e25fff0cb0e1329d58e5f0ed7a92cbc25

SHA512
0cf6fbaa9b93a8112175679cb6be58864497ffd1262c449ad7c01631250b58835a846021e87eade9455a439e7d67bf4f93109edb5d3f1dbfc56c93e0db0a6171

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
143KB

MD5
aea14a17588400b56011759545b1713e

SHA1
be5678f168f9a13ea818266b491cf4bc403a2a78

SHA256
f1af618afd939ff46a58afc8deea512e25fff0cb0e1329d58e5f0ed7a92cbc25

SHA512
0cf6fbaa9b93a8112175679cb6be58864497ffd1262c449ad7c01631250b58835a846021e87eade9455a439e7d67bf4f93109edb5d3f1dbfc56c93e0db0a6171

Download Submit
memory/3844-150-0x0000000000750000-0x0000000000756000-memory.dmp

Filesize
24KB

Download
memory/3844-151-0x00000000006A0000-0x00000000006A6000-memory.dmp

Filesize
24KB

Download
memory/4264-133-0x0000000000620000-0x0000000000626000-memory.dmp

Filesize
24KB

Download
memory/4264-134-0x0000000000620000-0x0000000000626000-memory.dmp

Filesize
24KB

Download
memory/4264-135-0x0000000000650000-0x0000000000656000-memory.dmp

Filesize
24KB

Download