d9faa8c945d0a3bc46a71640d1906604293304047f6f4665be83a1c1c9ff93e9

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20230824-en
resource tags

arch:x64arch:x86image:win7-20230824-enlocale:en-usos:windows7-x64system
submitted
24-08-2023 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8509706714df9be274828dd28a2e7e86_cryptolocker_JC.exe
Size

29KB
MD5

8509706714df9be274828dd28a2e7e86
SHA1

c2af69eff8f38236d41d77c43b26ebaa8068b44c
SHA256

d9faa8c945d0a3bc46a71640d1906604293304047f6f4665be83a1c1c9ff93e9
SHA512

3d4daa4f7201373df4e15a8baba4bba84f2e24c47350ed7bce94361546f2cd71308ddad70f574b18e16a10631610274a0f1dc801ae23ff48ec1d9130253abc46
SSDEEP

384:bA74uGLLQRcsdeQ72ngEr4K7YmE8j60nrlwfjDUgIunvs9ZU:bA74zYcgT/Ekd0ryfjPIunvsLU

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2068	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
2104	8509706714df9be274828dd28a2e7e86_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2068	2104	8509706714df9be274828dd28a2e7e86_cryptolocker_JC.exe	28
PID 2104 wrote to memory of 2068	2104	8509706714df9be274828dd28a2e7e86_cryptolocker_JC.exe	28
PID 2104 wrote to memory of 2068	2104	8509706714df9be274828dd28a2e7e86_cryptolocker_JC.exe	28
PID 2104 wrote to memory of 2068	2104	8509706714df9be274828dd28a2e7e86_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\8509706714df9be274828dd28a2e7e86_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\8509706714df9be274828dd28a2e7e86_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
29KB

MD5
c180c6b26135e3cfcfe682e1315e0945

SHA1
590cc50b531acae8f0b4d21aa3d0dd21f14954aa

SHA256
95fe2c80293e2aa243bf6dcd7306f064f3f689898ef0ba65aecc82c790843253

SHA512
d166fcac6e6e4eb5580be60caece52b8a8a202a49c11dc02ebbdeb603c9a237cf96f8ba407b7adcad95f04c4c89b251ac2c893a00de3b86c63f80ea0eb881656

Download Submit
C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
29KB

MD5
c180c6b26135e3cfcfe682e1315e0945

SHA1
590cc50b531acae8f0b4d21aa3d0dd21f14954aa

SHA256
95fe2c80293e2aa243bf6dcd7306f064f3f689898ef0ba65aecc82c790843253

SHA512
d166fcac6e6e4eb5580be60caece52b8a8a202a49c11dc02ebbdeb603c9a237cf96f8ba407b7adcad95f04c4c89b251ac2c893a00de3b86c63f80ea0eb881656

Download Submit
\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
29KB

MD5
c180c6b26135e3cfcfe682e1315e0945

SHA1
590cc50b531acae8f0b4d21aa3d0dd21f14954aa

SHA256
95fe2c80293e2aa243bf6dcd7306f064f3f689898ef0ba65aecc82c790843253

SHA512
d166fcac6e6e4eb5580be60caece52b8a8a202a49c11dc02ebbdeb603c9a237cf96f8ba407b7adcad95f04c4c89b251ac2c893a00de3b86c63f80ea0eb881656

Download Submit
memory/2068-15-0x00000000005A0000-0x00000000005A6000-memory.dmp

Filesize
24KB

Download
memory/2068-16-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2104-0-0x0000000001BA0000-0x0000000001BA6000-memory.dmp

Filesize
24KB

Download
memory/2104-1-0x0000000001BA0000-0x0000000001BA6000-memory.dmp

Filesize
24KB

Download
memory/2104-2-0x0000000001BC0000-0x0000000001BC6000-memory.dmp

Filesize
24KB

Download