adb4a3197e2b3ee47b7f4df208661da4d62f5e26620fab886aaedc399c6f0c94

Analysis

max time kernel
140s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230824-en
resource tags

arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
submitted
28-08-2023 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cab0d331b3d51caa6ebbd01b74b906b3_cryptolocker_JC.exe
Size

65KB
MD5

cab0d331b3d51caa6ebbd01b74b906b3
SHA1

e910aaf641d5f587994c28f0d1f05c65130ba47c
SHA256

adb4a3197e2b3ee47b7f4df208661da4d62f5e26620fab886aaedc399c6f0c94
SHA512

6cda70e3c1f9c6d50e585d8619e9da04fd4115a64a0b74e1c475ce65a9950f047b73003b8e56a469d5c0193e14566aad073a90f47044a0fe909d318c0c012aa5
SSDEEP

1536:P8mnK6QFElP6n+gymddpMOtEvwDpjIHsal8:1nK6a+qdOOtEvwDpjF

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4932	asih.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/224-0-0x0000000000500000-0x000000000050F311-memory.dmp	upx
behavioral2/files/0x0006000000023006-13.dat	upx
behavioral2/files/0x0006000000023006-17.dat	upx
behavioral2/memory/4932-18-0x0000000000500000-0x000000000050F311-memory.dmp	upx
behavioral2/memory/224-16-0x0000000000500000-0x000000000050F311-memory.dmp	upx
behavioral2/files/0x0006000000023006-15.dat	upx
behavioral2/memory/4932-27-0x0000000000500000-0x000000000050F311-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 4932	224	cab0d331b3d51caa6ebbd01b74b906b3_cryptolocker_JC.exe	87
PID 224 wrote to memory of 4932	224	cab0d331b3d51caa6ebbd01b74b906b3_cryptolocker_JC.exe	87
PID 224 wrote to memory of 4932	224	cab0d331b3d51caa6ebbd01b74b906b3_cryptolocker_JC.exe	87

C:\Users\Admin\AppData\Local\Temp\cab0d331b3d51caa6ebbd01b74b906b3_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\cab0d331b3d51caa6ebbd01b74b906b3_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:224
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:4932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
65KB

MD5
96f4e007e414c3ee6af2e0964a3c15d7

SHA1
122628ef715aa148d185e3029002459229210ade

SHA256
e10d22078a3fe0c768efdf5282567bdae4405e62c17ec1b684de1164124e8bb1

SHA512
85a91e40a57388d1308f789c2682971b3cf076e86d715475aa1eaf392d94facf356872c0e35124164f4bf153a9dde62a427b0c7bc18725c3821ed94e139665d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
65KB

MD5
96f4e007e414c3ee6af2e0964a3c15d7

SHA1
122628ef715aa148d185e3029002459229210ade

SHA256
e10d22078a3fe0c768efdf5282567bdae4405e62c17ec1b684de1164124e8bb1

SHA512
85a91e40a57388d1308f789c2682971b3cf076e86d715475aa1eaf392d94facf356872c0e35124164f4bf153a9dde62a427b0c7bc18725c3821ed94e139665d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
65KB

MD5
96f4e007e414c3ee6af2e0964a3c15d7

SHA1
122628ef715aa148d185e3029002459229210ade

SHA256
e10d22078a3fe0c768efdf5282567bdae4405e62c17ec1b684de1164124e8bb1

SHA512
85a91e40a57388d1308f789c2682971b3cf076e86d715475aa1eaf392d94facf356872c0e35124164f4bf153a9dde62a427b0c7bc18725c3821ed94e139665d2

Download Submit
memory/224-0-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download
memory/224-1-0x0000000000510000-0x0000000000516000-memory.dmp

Filesize
24KB

Download
memory/224-2-0x0000000000510000-0x0000000000516000-memory.dmp

Filesize
24KB

Download
memory/224-3-0x0000000000530000-0x0000000000536000-memory.dmp

Filesize
24KB

Download
memory/224-16-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download
memory/4932-18-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download
memory/4932-20-0x0000000000660000-0x0000000000666000-memory.dmp

Filesize
24KB

Download
memory/4932-21-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/4932-27-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download