26bf3667bf1d4dd57dc72d681e376cd99c726242f02a473f832e16e3b0c87d3f

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2023 13:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24c871db2676267462d71554f8a3475b_cryptolocker_JC.exe
Size

89KB
MD5

24c871db2676267462d71554f8a3475b
SHA1

e6419c648f41def586b609a1889a745932511ac4
SHA256

26bf3667bf1d4dd57dc72d681e376cd99c726242f02a473f832e16e3b0c87d3f
SHA512

31f05c5f6323f180ebd556b326e4713ae6ceb091c57d543693eec2b6057e930eefd62e8d5ad86880d297f754b1a26115f1a6d91ca2af4700e121e005cf18a8c7
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjQGYQbNcqamvWt:V6a+pOtEvwDpjtw

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4120	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 796 wrote to memory of 4120	796	24c871db2676267462d71554f8a3475b_cryptolocker_JC.exe	82
PID 796 wrote to memory of 4120	796	24c871db2676267462d71554f8a3475b_cryptolocker_JC.exe	82
PID 796 wrote to memory of 4120	796	24c871db2676267462d71554f8a3475b_cryptolocker_JC.exe	82

C:\Users\Admin\AppData\Local\Temp\24c871db2676267462d71554f8a3475b_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\24c871db2676267462d71554f8a3475b_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:796
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:4120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
89KB

MD5
a486204412f1de8769a45fe463e5d35c

SHA1
e4cb70f44949243f6fffb47af6dcfd14d60dbd0b

SHA256
a80e978eef498573c3f24b97449009043ec05ffd9436bdef032b0ea324057236

SHA512
f2093467c7b339b5aabaa9fd6ceaa81f89f93be03d244bce6238f68374b978d1080643a1823e43877e6192a3a67c63725f13d658722ac279d4b3337c50605f09

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
89KB

MD5
a486204412f1de8769a45fe463e5d35c

SHA1
e4cb70f44949243f6fffb47af6dcfd14d60dbd0b

SHA256
a80e978eef498573c3f24b97449009043ec05ffd9436bdef032b0ea324057236

SHA512
f2093467c7b339b5aabaa9fd6ceaa81f89f93be03d244bce6238f68374b978d1080643a1823e43877e6192a3a67c63725f13d658722ac279d4b3337c50605f09

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
89KB

MD5
a486204412f1de8769a45fe463e5d35c

SHA1
e4cb70f44949243f6fffb47af6dcfd14d60dbd0b

SHA256
a80e978eef498573c3f24b97449009043ec05ffd9436bdef032b0ea324057236

SHA512
f2093467c7b339b5aabaa9fd6ceaa81f89f93be03d244bce6238f68374b978d1080643a1823e43877e6192a3a67c63725f13d658722ac279d4b3337c50605f09

Download Submit
memory/796-133-0x0000000000570000-0x0000000000576000-memory.dmp

Filesize
24KB

Download
memory/796-134-0x0000000000570000-0x0000000000576000-memory.dmp

Filesize
24KB

Download
memory/796-135-0x0000000002070000-0x0000000002076000-memory.dmp

Filesize
24KB

Download
memory/4120-151-0x0000000001FD0000-0x0000000001FD6000-memory.dmp

Filesize
24KB

Download
memory/4120-150-0x0000000001FF0000-0x0000000001FF6000-memory.dmp

Filesize
24KB

Download