86aca6964228ea465a7ce38fba1f571aaf6a239e8b0dfd7544d6f148ab504461

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24-08-2023 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80cb3e2a0ac372b76001e6d0c5316b83_cryptolocker_JC.exe
Size

57KB
MD5

80cb3e2a0ac372b76001e6d0c5316b83
SHA1

f899a67f51b92421dc03a19925e063a0a7e0c2ae
SHA256

86aca6964228ea465a7ce38fba1f571aaf6a239e8b0dfd7544d6f148ab504461
SHA512

332d47f4b0277627212c9815a1150de5fc3f33f938a59f7600583a077c80e879f1d31ab744921d425a2b179d766439fbc7e7d7b6a3e03250c87009b0ec2edd51
SSDEEP

768:79inqyNR/QtOOtEvwDpjBK/iVTab3GRuv3VylcbL7uxEUSw:79mqyNhQMOtEvwDpjBPY7xv3gy7ux1Sw

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3196	asih.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3852 wrote to memory of 3196	3852	80cb3e2a0ac372b76001e6d0c5316b83_cryptolocker_JC.exe	82
PID 3852 wrote to memory of 3196	3852	80cb3e2a0ac372b76001e6d0c5316b83_cryptolocker_JC.exe	82
PID 3852 wrote to memory of 3196	3852	80cb3e2a0ac372b76001e6d0c5316b83_cryptolocker_JC.exe	82

C:\Users\Admin\AppData\Local\Temp\80cb3e2a0ac372b76001e6d0c5316b83_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\80cb3e2a0ac372b76001e6d0c5316b83_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3852
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:3196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
58KB

MD5
db0c1bc8b2533a96b09d1b8a2434f4f5

SHA1
940cb771e95347a6da3e3dba328636f0679e7fdc

SHA256
29b0438efa86b4f3ee821d1f2a04485711b7cf82926a6c9b56b7cd0ca81198dc

SHA512
17af18fcfa50a0536f6ac36c5f186c55da3144978e53c37304ab283e09ead956ae8882cacd81fef9f93cfade831d2c86851d5168189ca6dfd9d66d401aab31cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
58KB

MD5
db0c1bc8b2533a96b09d1b8a2434f4f5

SHA1
940cb771e95347a6da3e3dba328636f0679e7fdc

SHA256
29b0438efa86b4f3ee821d1f2a04485711b7cf82926a6c9b56b7cd0ca81198dc

SHA512
17af18fcfa50a0536f6ac36c5f186c55da3144978e53c37304ab283e09ead956ae8882cacd81fef9f93cfade831d2c86851d5168189ca6dfd9d66d401aab31cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
58KB

MD5
db0c1bc8b2533a96b09d1b8a2434f4f5

SHA1
940cb771e95347a6da3e3dba328636f0679e7fdc

SHA256
29b0438efa86b4f3ee821d1f2a04485711b7cf82926a6c9b56b7cd0ca81198dc

SHA512
17af18fcfa50a0536f6ac36c5f186c55da3144978e53c37304ab283e09ead956ae8882cacd81fef9f93cfade831d2c86851d5168189ca6dfd9d66d401aab31cd

Download Submit
memory/3196-20-0x0000000001FE0000-0x0000000001FE6000-memory.dmp

Filesize
24KB

Download
memory/3196-19-0x0000000002000000-0x0000000002006000-memory.dmp

Filesize
24KB

Download
memory/3196-26-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/3852-0-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/3852-1-0x0000000000660000-0x0000000000666000-memory.dmp

Filesize
24KB

Download
memory/3852-2-0x0000000000660000-0x0000000000666000-memory.dmp

Filesize
24KB

Download
memory/3852-3-0x0000000000710000-0x0000000000716000-memory.dmp

Filesize
24KB

Download
memory/3852-17-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download