788263b0bc24fc669d3542da2baf583f63b32085c778a2e2d39b74b3d433b947

Analysis

max time kernel
139s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
15-08-2023 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7d2d66bfc1ea31b51382737168d1101_cryptolocker_JC.exe
Size

41KB
MD5

f7d2d66bfc1ea31b51382737168d1101
SHA1

7a33010b530b28dded6f8c405a7fd55711a49950
SHA256

788263b0bc24fc669d3542da2baf583f63b32085c778a2e2d39b74b3d433b947
SHA512

206111946d9ee112325f31b878be5f32e6755e275c3c8f17a6b9ee52f8c984323890b3dc33f1d211764940f113f9a25e41ca39c4e23035ccef3bdfeea97b30c3
SSDEEP

768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpj/MLa5VccPoM:V6QFElP6n+gMQMOtEvwDpjyaLccb

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1884	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 1884	1404	f7d2d66bfc1ea31b51382737168d1101_cryptolocker_JC.exe	80
PID 1404 wrote to memory of 1884	1404	f7d2d66bfc1ea31b51382737168d1101_cryptolocker_JC.exe	80
PID 1404 wrote to memory of 1884	1404	f7d2d66bfc1ea31b51382737168d1101_cryptolocker_JC.exe	80

C:\Users\Admin\AppData\Local\Temp\f7d2d66bfc1ea31b51382737168d1101_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\f7d2d66bfc1ea31b51382737168d1101_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:1884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
41KB

MD5
2b77a96686463830d55eb25b68a9fa6a

SHA1
9804839cfa9643355f409ab2fd6f8bb848e0d991

SHA256
b60ab45f45bfd537ceab648f6cd83fe659735550993e54bc4d06315a50d666a0

SHA512
d8733d2c9c3740ac9c016262eb27fa252d854f08dea8cd3ab9dfb5639e3e22b49c62f873ded892a23ee21fc0803ee8b51d06e8915ceaf123c876371f4bbc24b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
41KB

MD5
2b77a96686463830d55eb25b68a9fa6a

SHA1
9804839cfa9643355f409ab2fd6f8bb848e0d991

SHA256
b60ab45f45bfd537ceab648f6cd83fe659735550993e54bc4d06315a50d666a0

SHA512
d8733d2c9c3740ac9c016262eb27fa252d854f08dea8cd3ab9dfb5639e3e22b49c62f873ded892a23ee21fc0803ee8b51d06e8915ceaf123c876371f4bbc24b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
41KB

MD5
2b77a96686463830d55eb25b68a9fa6a

SHA1
9804839cfa9643355f409ab2fd6f8bb848e0d991

SHA256
b60ab45f45bfd537ceab648f6cd83fe659735550993e54bc4d06315a50d666a0

SHA512
d8733d2c9c3740ac9c016262eb27fa252d854f08dea8cd3ab9dfb5639e3e22b49c62f873ded892a23ee21fc0803ee8b51d06e8915ceaf123c876371f4bbc24b5

Download Submit
memory/1404-136-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/1404-137-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/1404-138-0x00000000004F0000-0x00000000004F6000-memory.dmp

Filesize
24KB

Download
memory/1884-153-0x0000000000650000-0x0000000000656000-memory.dmp

Filesize
24KB

Download
memory/1884-155-0x0000000000620000-0x0000000000626000-memory.dmp

Filesize
24KB

Download