f81ad96288d0e3303762997dba26b85670b99bb1b98c3ea54845b025a82db8d9

Analysis

max time kernel
135s
max time network
144s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
08/08/2023, 15:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96d2e1bc5de48a518e0cf7a01db47231_cryptolocker_JC.exe
Size

71KB
MD5

96d2e1bc5de48a518e0cf7a01db47231
SHA1

84fd697e72aab98b15732e82bff717ff58a7b40d
SHA256

f81ad96288d0e3303762997dba26b85670b99bb1b98c3ea54845b025a82db8d9
SHA512

49506fb40f9b80a6e06a101b135298648da101ac4df8c43f1f3173cda062a0f4044269c84e0ca6f4b9b9774d4a167905c342403ae5180b787949b8465f6c82e2
SSDEEP

1536:T6QFElP6n+gxmddpMOtEvwDpjwaxTNUOA+z:T6a+rdOOtEvwDpjNN

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2232	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1708	96d2e1bc5de48a518e0cf7a01db47231_cryptolocker_JC.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1708-54-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x0007000000012107-65.dat	upx
behavioral1/files/0x0007000000012107-68.dat	upx
behavioral1/memory/2232-70-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1708-69-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x0007000000012107-79.dat	upx
behavioral1/memory/2232-80-0x0000000000500000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2232	1708	96d2e1bc5de48a518e0cf7a01db47231_cryptolocker_JC.exe	28
PID 1708 wrote to memory of 2232	1708	96d2e1bc5de48a518e0cf7a01db47231_cryptolocker_JC.exe	28
PID 1708 wrote to memory of 2232	1708	96d2e1bc5de48a518e0cf7a01db47231_cryptolocker_JC.exe	28
PID 1708 wrote to memory of 2232	1708	96d2e1bc5de48a518e0cf7a01db47231_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\96d2e1bc5de48a518e0cf7a01db47231_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\96d2e1bc5de48a518e0cf7a01db47231_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
71KB

MD5
5211ffe271ad1f4eb2df4bf6b3004013

SHA1
14581cb0d415c71992ad1c031d2ff13efd065dac

SHA256
2a5db1f0c303b506eeb3abc55459111f81a382cc2dc389f4af28b70b86d2fae3

SHA512
dacbc914d8bbe458a2b3eaceb069c0dd6f991374aa8b1e5b46bde1521c6d4ff8a554c07c98b459aec205050671899b6224136410fd0da712e455aab7e3f90e96

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
71KB

MD5
5211ffe271ad1f4eb2df4bf6b3004013

SHA1
14581cb0d415c71992ad1c031d2ff13efd065dac

SHA256
2a5db1f0c303b506eeb3abc55459111f81a382cc2dc389f4af28b70b86d2fae3

SHA512
dacbc914d8bbe458a2b3eaceb069c0dd6f991374aa8b1e5b46bde1521c6d4ff8a554c07c98b459aec205050671899b6224136410fd0da712e455aab7e3f90e96

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
71KB

MD5
5211ffe271ad1f4eb2df4bf6b3004013

SHA1
14581cb0d415c71992ad1c031d2ff13efd065dac

SHA256
2a5db1f0c303b506eeb3abc55459111f81a382cc2dc389f4af28b70b86d2fae3

SHA512
dacbc914d8bbe458a2b3eaceb069c0dd6f991374aa8b1e5b46bde1521c6d4ff8a554c07c98b459aec205050671899b6224136410fd0da712e455aab7e3f90e96

Download Submit
memory/1708-54-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1708-55-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1708-56-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/1708-58-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1708-69-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2232-70-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2232-73-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2232-72-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2232-80-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download