3535694b9d882f1ca70a5f214723a97f019a26bd6ae579e5d3a92f683395aaa1

Analysis

max time kernel
165s
max time network
189s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
27/08/2023, 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afe06ee64dffb26cc82c91f4316e5d9a_cryptolocker_JC.exe
Size

53KB
MD5

afe06ee64dffb26cc82c91f4316e5d9a
SHA1

4dcdd4e9803a7d0b2b1a13b04054d7b1f3789f35
SHA256

3535694b9d882f1ca70a5f214723a97f019a26bd6ae579e5d3a92f683395aaa1
SHA512

bb74db56a38c9e9e8c9247c2fe009fb3f41db50981e70edd732eb8afde740281e96e7bdc9bf5b20a16cd5c694edeee60b883f0f2be8d89d07bbda4c38bff8e21
SSDEEP

768:79inqyNR/QtOOtEvwDpjBK/iVTab3GRuv3VylsPK:79mqyNhQMOtEvwDpjBPY7xv3gyi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2156	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2500	afe06ee64dffb26cc82c91f4316e5d9a_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 2156	2500	afe06ee64dffb26cc82c91f4316e5d9a_cryptolocker_JC.exe	29
PID 2500 wrote to memory of 2156	2500	afe06ee64dffb26cc82c91f4316e5d9a_cryptolocker_JC.exe	29
PID 2500 wrote to memory of 2156	2500	afe06ee64dffb26cc82c91f4316e5d9a_cryptolocker_JC.exe	29
PID 2500 wrote to memory of 2156	2500	afe06ee64dffb26cc82c91f4316e5d9a_cryptolocker_JC.exe	29

C:\Users\Admin\AppData\Local\Temp\afe06ee64dffb26cc82c91f4316e5d9a_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\afe06ee64dffb26cc82c91f4316e5d9a_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
53KB

MD5
f593910240161a8f672c4c27b73535b3

SHA1
1e88d21dec58a4707555dfdca15f46cc5f13d3c6

SHA256
329b9c90801dba064a93996b8753ad776c5a20e8742920823e762c5900a52c9c

SHA512
45e7ed2816708503dde9927ef258da93fd56611cea53ca044db1d1fc9c3faff31a10bf86b2db8df9099ad450489103ff3a9c903ac8a805c0fd7018c1994be114

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
53KB

MD5
f593910240161a8f672c4c27b73535b3

SHA1
1e88d21dec58a4707555dfdca15f46cc5f13d3c6

SHA256
329b9c90801dba064a93996b8753ad776c5a20e8742920823e762c5900a52c9c

SHA512
45e7ed2816708503dde9927ef258da93fd56611cea53ca044db1d1fc9c3faff31a10bf86b2db8df9099ad450489103ff3a9c903ac8a805c0fd7018c1994be114

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
53KB

MD5
f593910240161a8f672c4c27b73535b3

SHA1
1e88d21dec58a4707555dfdca15f46cc5f13d3c6

SHA256
329b9c90801dba064a93996b8753ad776c5a20e8742920823e762c5900a52c9c

SHA512
45e7ed2816708503dde9927ef258da93fd56611cea53ca044db1d1fc9c3faff31a10bf86b2db8df9099ad450489103ff3a9c903ac8a805c0fd7018c1994be114

Download Submit
memory/2156-18-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download
memory/2156-17-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download
memory/2156-25-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2500-0-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2500-1-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2500-2-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2500-3-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2500-15-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download