ad79f3f83938c537c7db45d3e9002b26e0347445911e4678fca0105e41ac3a89 | Triage

Analysis

max time kernel
1s
max time network
6s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 17:49

Sharing

Report Analysis Logs

General

Target

c379ba540588482beed05abbd6d137bf_cryptolocker_JC.exe
Size

41KB
MD5

c379ba540588482beed05abbd6d137bf
SHA1

1c0149e633a4869ff985f88f4ee4cc03a3a7d7b7
SHA256

ad79f3f83938c537c7db45d3e9002b26e0347445911e4678fca0105e41ac3a89
SHA512

4af088867b4c400f27f10670af23d3c1b9951fc232757cafaf3de9a9cfa865136c6b9330e25bbfe65f4728e3b2f46560210620f2c3a31c2a31b5eb60a2a0d9f9
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBVaD3V:X6QFElP6n+gJQMOtEvwDpjBM

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\c379ba540588482beed05abbd6d137bf_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\c379ba540588482beed05abbd6d137bf_cryptolocker_JC.exe"
1⤵
PID:976
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
41KB

MD5
82921e192d566a7b5cb8e9a08de16106

SHA1
de862e47c75b26462960826ad7ba0f22bddd1c8f

SHA256
7fdcf74cf4c8c7a181a1f7e0e3a1aa694b46462b94c87e4a81facf88765da23b

SHA512
109a7d7211a0be83acaa03f3b5c0a61bcaec5a0f86a83d1e99e7d9677948c99f5942c0f55f8e021afa87ac135697c10e4571470fef82c74f9ca9269432e3c5e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
41KB

MD5
82921e192d566a7b5cb8e9a08de16106

SHA1
de862e47c75b26462960826ad7ba0f22bddd1c8f

SHA256
7fdcf74cf4c8c7a181a1f7e0e3a1aa694b46462b94c87e4a81facf88765da23b

SHA512
109a7d7211a0be83acaa03f3b5c0a61bcaec5a0f86a83d1e99e7d9677948c99f5942c0f55f8e021afa87ac135697c10e4571470fef82c74f9ca9269432e3c5e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
41KB

MD5
82921e192d566a7b5cb8e9a08de16106

SHA1
de862e47c75b26462960826ad7ba0f22bddd1c8f

SHA256
7fdcf74cf4c8c7a181a1f7e0e3a1aa694b46462b94c87e4a81facf88765da23b

SHA512
109a7d7211a0be83acaa03f3b5c0a61bcaec5a0f86a83d1e99e7d9677948c99f5942c0f55f8e021afa87ac135697c10e4571470fef82c74f9ca9269432e3c5e8

Download Submit
memory/976-0-0x0000000002190000-0x0000000002196000-memory.dmp

Filesize
24KB

Download
memory/976-1-0x0000000002190000-0x0000000002196000-memory.dmp

Filesize
24KB

Download
memory/976-2-0x00000000021B0000-0x00000000021B6000-memory.dmp

Filesize
24KB

Download