a498e2bd15b75a74b02a595f312224e097035eec892a54835f40231b0a9c426d

Analysis

max time kernel
1s
max time network
5s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
27/08/2023, 13:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a7c5969e1a21aa65feedd36cad5a366b_cryptolocker_JC.exe
Size

100KB
MD5

a7c5969e1a21aa65feedd36cad5a366b
SHA1

1af957e027abc6124e6318944d5fad1c72b16f89
SHA256

a498e2bd15b75a74b02a595f312224e097035eec892a54835f40231b0a9c426d
SHA512

5493a2f3657f56267554159ad4312d73904cefcc9880281e9787588833e8ac7825606b7433388267ca8d1f200db48aa20cfb01ec8828311dee394dff037bba6a
SSDEEP

1536:qkmnpomddpMOtEvwDpjJGYQbN/PKwNgpQbCJht:AnBdOOtEvwDpj6zs

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3088-0-0x0000000000500000-0x000000000050F000-memory.dmp	upx
behavioral2/files/0x00070000000231e6-13.dat	upx
behavioral2/files/0x00070000000231e6-15.dat	upx
behavioral2/files/0x00070000000231e6-16.dat	upx
behavioral2/memory/3088-17-0x0000000000500000-0x000000000050F000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\a7c5969e1a21aa65feedd36cad5a366b_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\a7c5969e1a21aa65feedd36cad5a366b_cryptolocker_JC.exe"
1⤵
PID:3088
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
100KB

MD5
a2560cac772be072053a128fb6d40c4a

SHA1
3632dd920656420bc6851c94d50828cefeba4c3a

SHA256
16c03b86294a15abdc31ad0b461fd2ab8e94b20a480d72784181eaa11a995b42

SHA512
0f96807af3783860ca8fba180e3db028b6438c09bd679aba8e07cd5e7af8e3a4de8979bde483a4be42212b2683337bdd288188beaff9363ba6a266df9c6049bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
100KB

MD5
a2560cac772be072053a128fb6d40c4a

SHA1
3632dd920656420bc6851c94d50828cefeba4c3a

SHA256
16c03b86294a15abdc31ad0b461fd2ab8e94b20a480d72784181eaa11a995b42

SHA512
0f96807af3783860ca8fba180e3db028b6438c09bd679aba8e07cd5e7af8e3a4de8979bde483a4be42212b2683337bdd288188beaff9363ba6a266df9c6049bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
100KB

MD5
a2560cac772be072053a128fb6d40c4a

SHA1
3632dd920656420bc6851c94d50828cefeba4c3a

SHA256
16c03b86294a15abdc31ad0b461fd2ab8e94b20a480d72784181eaa11a995b42

SHA512
0f96807af3783860ca8fba180e3db028b6438c09bd679aba8e07cd5e7af8e3a4de8979bde483a4be42212b2683337bdd288188beaff9363ba6a266df9c6049bc

Download Submit
memory/3088-0-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/3088-1-0x00000000005A0000-0x00000000005A6000-memory.dmp

Filesize
24KB

Download
memory/3088-2-0x00000000005A0000-0x00000000005A6000-memory.dmp

Filesize
24KB

Download
memory/3088-3-0x00000000005C0000-0x00000000005C6000-memory.dmp

Filesize
24KB

Download
memory/3088-17-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download