321f4789a59ecf7676e62b5be774aa3fb65d6e99d993df44ac88abd4dd80f1f0

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
16-08-2023 17:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a39875b4b7f5bdca8a0d70e9407c9cb_cryptolocker_JC.exe
Size

47KB
MD5

0a39875b4b7f5bdca8a0d70e9407c9cb
SHA1

6272c19bee731a5489c84f30d664d86af7fe790c
SHA256

321f4789a59ecf7676e62b5be774aa3fb65d6e99d993df44ac88abd4dd80f1f0
SHA512

86a5bcf7fadf2656ec039104ea9a0c906a2e14e892377e1f4e840cc4aaadb380caea39358a8a4ec96a3d516bfbcc6ed57d6d7caaf3f8e9f51694d073ba153774
SSDEEP

768:qmOKYQDf5XdrDmjr5tOOtEvwDpjAajFEitQbDmoSQCVUBJUkQqAHBIG05RKb6F5J:qmbhXDmjr5MOtEvwDpj5cDtKkQZQRKbU

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2612	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4832 wrote to memory of 2612	4832	0a39875b4b7f5bdca8a0d70e9407c9cb_cryptolocker_JC.exe	81
PID 4832 wrote to memory of 2612	4832	0a39875b4b7f5bdca8a0d70e9407c9cb_cryptolocker_JC.exe	81
PID 4832 wrote to memory of 2612	4832	0a39875b4b7f5bdca8a0d70e9407c9cb_cryptolocker_JC.exe	81

C:\Users\Admin\AppData\Local\Temp\0a39875b4b7f5bdca8a0d70e9407c9cb_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\0a39875b4b7f5bdca8a0d70e9407c9cb_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4832
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
47KB

MD5
107fabd9fd2af049f5bcf9deefd1deb4

SHA1
42696529ef9fe6a3149c1552dab06d3bddc2a090

SHA256
9f29c2775ab621f81c39caeee2ab5fddc181ef2e2e31d12686480b924dc99a29

SHA512
c00391923b3c0f39d32c7ebc4480d56e0c6cae32a40c705e0cab63b59525f301f496fa6ba6ab9021d522ce56318ab7505e0ef9ac4c531e76884d964ce4aeffc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
47KB

MD5
107fabd9fd2af049f5bcf9deefd1deb4

SHA1
42696529ef9fe6a3149c1552dab06d3bddc2a090

SHA256
9f29c2775ab621f81c39caeee2ab5fddc181ef2e2e31d12686480b924dc99a29

SHA512
c00391923b3c0f39d32c7ebc4480d56e0c6cae32a40c705e0cab63b59525f301f496fa6ba6ab9021d522ce56318ab7505e0ef9ac4c531e76884d964ce4aeffc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
47KB

MD5
107fabd9fd2af049f5bcf9deefd1deb4

SHA1
42696529ef9fe6a3149c1552dab06d3bddc2a090

SHA256
9f29c2775ab621f81c39caeee2ab5fddc181ef2e2e31d12686480b924dc99a29

SHA512
c00391923b3c0f39d32c7ebc4480d56e0c6cae32a40c705e0cab63b59525f301f496fa6ba6ab9021d522ce56318ab7505e0ef9ac4c531e76884d964ce4aeffc0

Download Submit
memory/2612-152-0x0000000000860000-0x0000000000866000-memory.dmp

Filesize
24KB

Download
memory/2612-153-0x0000000000840000-0x0000000000846000-memory.dmp

Filesize
24KB

Download
memory/2612-159-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/4832-133-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/4832-134-0x00000000005A0000-0x00000000005A6000-memory.dmp

Filesize
24KB

Download
memory/4832-135-0x00000000005A0000-0x00000000005A6000-memory.dmp

Filesize
24KB

Download
memory/4832-136-0x00000000005C0000-0x00000000005C6000-memory.dmp

Filesize
24KB

Download
memory/4832-150-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download