e15f4243a9699c6a4f48f7381c7eb4ccca50a56ee71e7c7e6f4cbab6a801241d

Analysis

max time kernel
136s
max time network
148s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
06/08/2023, 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e26fd9a2eb4f7479bf5daf01ec97a58_cryptolocker_JC.exe
Size

142KB
MD5

8e26fd9a2eb4f7479bf5daf01ec97a58
SHA1

662c06f1f97feb987faac21a64b91e9f61c6bbcf
SHA256

e15f4243a9699c6a4f48f7381c7eb4ccca50a56ee71e7c7e6f4cbab6a801241d
SHA512

7d7d7c05db9a97a7ee7763c363f945ce56bbe49d7ec4766078ab2c336621ca5c9be651d91b61512f9ceea4bf26d0306cb2d69c5c431ca1fcf32d73b4facb2588
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjQGYQbxGYQbxGYQbPlooNY:V6a+pOtEvwDpjt22k

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2016	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1936	8e26fd9a2eb4f7479bf5daf01ec97a58_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 2016	1936	8e26fd9a2eb4f7479bf5daf01ec97a58_cryptolocker_JC.exe	28
PID 1936 wrote to memory of 2016	1936	8e26fd9a2eb4f7479bf5daf01ec97a58_cryptolocker_JC.exe	28
PID 1936 wrote to memory of 2016	1936	8e26fd9a2eb4f7479bf5daf01ec97a58_cryptolocker_JC.exe	28
PID 1936 wrote to memory of 2016	1936	8e26fd9a2eb4f7479bf5daf01ec97a58_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\8e26fd9a2eb4f7479bf5daf01ec97a58_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\8e26fd9a2eb4f7479bf5daf01ec97a58_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
142KB

MD5
829733835c69fd392abb27fcd2cac1a5

SHA1
a664eeeb1e12280f19a0f60d442bfb771b0047b9

SHA256
58fb2fcd3608cd14c82673064ee56fc9d5db4358180a41ad94e1bee9fed7ad82

SHA512
720e936652ffdb994183cf5af3cfecc1d5f9824531c1e43d024bade6065bbc013b92b8846032263c8427408c43b50fa18729b558e81a151a252ad322bac8928f

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
142KB

MD5
829733835c69fd392abb27fcd2cac1a5

SHA1
a664eeeb1e12280f19a0f60d442bfb771b0047b9

SHA256
58fb2fcd3608cd14c82673064ee56fc9d5db4358180a41ad94e1bee9fed7ad82

SHA512
720e936652ffdb994183cf5af3cfecc1d5f9824531c1e43d024bade6065bbc013b92b8846032263c8427408c43b50fa18729b558e81a151a252ad322bac8928f

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
142KB

MD5
829733835c69fd392abb27fcd2cac1a5

SHA1
a664eeeb1e12280f19a0f60d442bfb771b0047b9

SHA256
58fb2fcd3608cd14c82673064ee56fc9d5db4358180a41ad94e1bee9fed7ad82

SHA512
720e936652ffdb994183cf5af3cfecc1d5f9824531c1e43d024bade6065bbc013b92b8846032263c8427408c43b50fa18729b558e81a151a252ad322bac8928f

Download Submit
memory/1936-53-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1936-54-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1936-55-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2016-68-0x00000000004A0000-0x00000000004A6000-memory.dmp

Filesize
24KB

Download
memory/2016-69-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download