c790be9e895de74e6c291c68a7d52a5469b90be24ba1d88fef16d2f783f8a24b

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
08-08-2023 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d4bd2f459245a3a72d4090327b92856_cryptolocker_JC.exe
Size

90KB
MD5

9d4bd2f459245a3a72d4090327b92856
SHA1

b4ace7a9bdd90d9fa0a662e1e0c3a390c9d6dde0
SHA256

c790be9e895de74e6c291c68a7d52a5469b90be24ba1d88fef16d2f783f8a24b
SHA512

dd6c95e189e8bfc1c4e07eac0fa008dda20df70fd5e938279e04bfc49aa225e05ecd4f9d11536e3600fdd22e805081598b95decc96092647036a21d1a163e672
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjQGYQbNcqamvWHShl/3WPbP:V6a+pOtEvwDpjtA

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4192	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 4192	2820	9d4bd2f459245a3a72d4090327b92856_cryptolocker_JC.exe	82
PID 2820 wrote to memory of 4192	2820	9d4bd2f459245a3a72d4090327b92856_cryptolocker_JC.exe	82
PID 2820 wrote to memory of 4192	2820	9d4bd2f459245a3a72d4090327b92856_cryptolocker_JC.exe	82

C:\Users\Admin\AppData\Local\Temp\9d4bd2f459245a3a72d4090327b92856_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\9d4bd2f459245a3a72d4090327b92856_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:4192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
90KB

MD5
6e363ab7da37ce8245b515bf7bc635c5

SHA1
0b6c78ba5524c665fa925068b9efa96eb2fe9003

SHA256
6eb6c6fd2948953e225a36f89a7a18856c46a26df6cbd4933e0d5023925bcb63

SHA512
0275f2588c2822dfc10a975ae1330412c802e843b695ff44cff1dad945c4ff776ba1781c74baa420d16de328e8cb71aff8796f695a0b95ba74258254735b815f

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
90KB

MD5
6e363ab7da37ce8245b515bf7bc635c5

SHA1
0b6c78ba5524c665fa925068b9efa96eb2fe9003

SHA256
6eb6c6fd2948953e225a36f89a7a18856c46a26df6cbd4933e0d5023925bcb63

SHA512
0275f2588c2822dfc10a975ae1330412c802e843b695ff44cff1dad945c4ff776ba1781c74baa420d16de328e8cb71aff8796f695a0b95ba74258254735b815f

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
90KB

MD5
6e363ab7da37ce8245b515bf7bc635c5

SHA1
0b6c78ba5524c665fa925068b9efa96eb2fe9003

SHA256
6eb6c6fd2948953e225a36f89a7a18856c46a26df6cbd4933e0d5023925bcb63

SHA512
0275f2588c2822dfc10a975ae1330412c802e843b695ff44cff1dad945c4ff776ba1781c74baa420d16de328e8cb71aff8796f695a0b95ba74258254735b815f

Download Submit
memory/2820-133-0x0000000000620000-0x0000000000626000-memory.dmp

Filesize
24KB

Download
memory/2820-134-0x0000000000620000-0x0000000000626000-memory.dmp

Filesize
24KB

Download
memory/2820-135-0x0000000000750000-0x0000000000756000-memory.dmp

Filesize
24KB

Download
memory/4192-150-0x00000000004F0000-0x00000000004F6000-memory.dmp

Filesize
24KB

Download
memory/4192-151-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download