598e8c564fff970120ab55538dabe2369088fac63224b70d916065c02144f5b5

Analysis

max time kernel
137s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2023, 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2aa329e380d88b6b1f0b16ae828686b2_cryptolocker_JC.exe
Size

41KB
MD5

2aa329e380d88b6b1f0b16ae828686b2
SHA1

2833eb048cb7f0fb0bfcaa8826aa8b97ae272155
SHA256

598e8c564fff970120ab55538dabe2369088fac63224b70d916065c02144f5b5
SHA512

3f4402da889275866d56e87675a8df1a241b89471c7bfa7cf0999e2171b678e4c39e3eb8e5d15948a28b44e9507e107adc0528bba7deb94a8cbea871ea20bdb9
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBVaD3p:X6QFElP6n+gJQMOtEvwDpjBI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1108	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3328 wrote to memory of 1108	3328	2aa329e380d88b6b1f0b16ae828686b2_cryptolocker_JC.exe	80
PID 3328 wrote to memory of 1108	3328	2aa329e380d88b6b1f0b16ae828686b2_cryptolocker_JC.exe	80
PID 3328 wrote to memory of 1108	3328	2aa329e380d88b6b1f0b16ae828686b2_cryptolocker_JC.exe	80

C:\Users\Admin\AppData\Local\Temp\2aa329e380d88b6b1f0b16ae828686b2_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2aa329e380d88b6b1f0b16ae828686b2_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3328
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:1108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
41KB

MD5
1b3082fc6202a26206a8978cec21ea34

SHA1
fc61d93ac5b4d536392d5c7d0edfc121460ba077

SHA256
b1c4cdd5740c672c3fb4eba96fd033993ba199cfb27fe82a2612acbfc447375b

SHA512
817e147095346b1d29c70be82504aa0eaeeea8ed99d9e1fa1b3c18c8b10f54d5025f6c4b8cfa040b8f07f3faa378671b74cdc7ebf3706837bdae968d21e0c636

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
41KB

MD5
1b3082fc6202a26206a8978cec21ea34

SHA1
fc61d93ac5b4d536392d5c7d0edfc121460ba077

SHA256
b1c4cdd5740c672c3fb4eba96fd033993ba199cfb27fe82a2612acbfc447375b

SHA512
817e147095346b1d29c70be82504aa0eaeeea8ed99d9e1fa1b3c18c8b10f54d5025f6c4b8cfa040b8f07f3faa378671b74cdc7ebf3706837bdae968d21e0c636

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
41KB

MD5
1b3082fc6202a26206a8978cec21ea34

SHA1
fc61d93ac5b4d536392d5c7d0edfc121460ba077

SHA256
b1c4cdd5740c672c3fb4eba96fd033993ba199cfb27fe82a2612acbfc447375b

SHA512
817e147095346b1d29c70be82504aa0eaeeea8ed99d9e1fa1b3c18c8b10f54d5025f6c4b8cfa040b8f07f3faa378671b74cdc7ebf3706837bdae968d21e0c636

Download Submit
memory/1108-150-0x00000000006D0000-0x00000000006D6000-memory.dmp

Filesize
24KB

Download
memory/1108-151-0x00000000006B0000-0x00000000006B6000-memory.dmp

Filesize
24KB

Download
memory/3328-133-0x0000000000660000-0x0000000000666000-memory.dmp

Filesize
24KB

Download
memory/3328-134-0x0000000000660000-0x0000000000666000-memory.dmp

Filesize
24KB

Download
memory/3328-135-0x00000000007D0000-0x00000000007D6000-memory.dmp

Filesize
24KB

Download