27c41cce850361b90549044764e4a6438d853cafb64b47babaf8f8df27c9a8ce

Analysis

max time kernel
150s
max time network
140s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
15-08-2023 16:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa17667ac8c67a8b3856839ecc37689d_cryptolocker_JC.exe
Size

30KB
MD5

fa17667ac8c67a8b3856839ecc37689d
SHA1

a39f8d6479e326995bdc447ec8bddd862075d6e7
SHA256

27c41cce850361b90549044764e4a6438d853cafb64b47babaf8f8df27c9a8ce
SHA512

a2bc8dd94213c403c4809ecb1c85fe66d4dd6e5d7ce614c7d2da3044749c119e3e8aef683ad3513b88ac86002295b488919f915a8b6398592e9d9f8cec880ce5
SSDEEP

768:q0ZziOWwULueOSdE8tOOtEvwDpjej4AY3xKvX:q0zizzOSxMOtEvwDpjC3IMvX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2840	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2924	fa17667ac8c67a8b3856839ecc37689d_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2840	2924	fa17667ac8c67a8b3856839ecc37689d_cryptolocker_JC.exe	28
PID 2924 wrote to memory of 2840	2924	fa17667ac8c67a8b3856839ecc37689d_cryptolocker_JC.exe	28
PID 2924 wrote to memory of 2840	2924	fa17667ac8c67a8b3856839ecc37689d_cryptolocker_JC.exe	28
PID 2924 wrote to memory of 2840	2924	fa17667ac8c67a8b3856839ecc37689d_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\fa17667ac8c67a8b3856839ecc37689d_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\fa17667ac8c67a8b3856839ecc37689d_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
31KB

MD5
f51de8e8eab49795e2192d70bfe8849a

SHA1
256589dc7a29f813a503ec1ea7df2e651bac5ec8

SHA256
5ce58de8bacc0af392208ac334d82e0c61ec8f78316c5c46574f433988807920

SHA512
76f465db596d78dd75a8ce55e540c00fd78cd4f5b0374a5e8c0f501e92ffa966e44fd00f4ee9affc461251da277cb4ba9549a996fbd29dc8c2f542310568380b

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
31KB

MD5
f51de8e8eab49795e2192d70bfe8849a

SHA1
256589dc7a29f813a503ec1ea7df2e651bac5ec8

SHA256
5ce58de8bacc0af392208ac334d82e0c61ec8f78316c5c46574f433988807920

SHA512
76f465db596d78dd75a8ce55e540c00fd78cd4f5b0374a5e8c0f501e92ffa966e44fd00f4ee9affc461251da277cb4ba9549a996fbd29dc8c2f542310568380b

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
31KB

MD5
f51de8e8eab49795e2192d70bfe8849a

SHA1
256589dc7a29f813a503ec1ea7df2e651bac5ec8

SHA256
5ce58de8bacc0af392208ac334d82e0c61ec8f78316c5c46574f433988807920

SHA512
76f465db596d78dd75a8ce55e540c00fd78cd4f5b0374a5e8c0f501e92ffa966e44fd00f4ee9affc461251da277cb4ba9549a996fbd29dc8c2f542310568380b

Download Submit
memory/2840-73-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/2840-71-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2840-74-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/2840-82-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2924-68-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2924-58-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2924-70-0x0000000000640000-0x0000000000650000-memory.dmp

Filesize
64KB

Download
memory/2924-56-0x0000000000330000-0x0000000000336000-memory.dmp

Filesize
24KB

Download
memory/2924-54-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2924-55-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2924-81-0x0000000000640000-0x0000000000650000-memory.dmp

Filesize
64KB

Download