f5b0c200677f9ecc35c700f39108d97254ea08831c3fb79351f72ff35cd2f29d

Analysis

max time kernel
143s
max time network
151s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
29/09/2023, 19:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2023-08-26_d14264469e40fe025f7b916b02c62c66_cryptolocker_JC.exe
Size

47KB
MD5

d14264469e40fe025f7b916b02c62c66
SHA1

815f23e3399f623b61a92a06a017b792c0812ed4
SHA256

f5b0c200677f9ecc35c700f39108d97254ea08831c3fb79351f72ff35cd2f29d
SHA512

a0afc5ae55dbc54935ff4cefaf5c9c50305d0b0ea3fbc46020477631d475149b2800ffde7c85d8940985f885476a719c0872a230e0d78b03c0b9121612b12752
SSDEEP

768:qmOKYQDf5XdrDmjr5tOOtEvwDpjAajFEitQbDmoSQCVUBJUkQqAHBIG05RKb6FKn:qmbhXDmjr5MOtEvwDpj5cDtKkQZQRKbz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2632	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1344	2023-08-26_d14264469e40fe025f7b916b02c62c66_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 2632	1344	2023-08-26_d14264469e40fe025f7b916b02c62c66_cryptolocker_JC.exe	28
PID 1344 wrote to memory of 2632	1344	2023-08-26_d14264469e40fe025f7b916b02c62c66_cryptolocker_JC.exe	28
PID 1344 wrote to memory of 2632	1344	2023-08-26_d14264469e40fe025f7b916b02c62c66_cryptolocker_JC.exe	28
PID 1344 wrote to memory of 2632	1344	2023-08-26_d14264469e40fe025f7b916b02c62c66_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\2023-08-26_d14264469e40fe025f7b916b02c62c66_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2023-08-26_d14264469e40fe025f7b916b02c62c66_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
48KB

MD5
86457eb563a31364e6279eaf7b40fee2

SHA1
c4bd3ee5cc01d1e2631f33f6d92d0d65984bcb04

SHA256
c151f535537379e162a70461ccbcf14fd877dec134d583301a9b4f213bf452a9

SHA512
c3b1a5228963b34e0fba2c9b53cb5b8cf4783433de1f50ddc0ae9db4acb0de8cb0b875c82e6a4118007b8dc3a4e84be29a4b1d6a1fdb967461552f98dff27c39

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
48KB

MD5
86457eb563a31364e6279eaf7b40fee2

SHA1
c4bd3ee5cc01d1e2631f33f6d92d0d65984bcb04

SHA256
c151f535537379e162a70461ccbcf14fd877dec134d583301a9b4f213bf452a9

SHA512
c3b1a5228963b34e0fba2c9b53cb5b8cf4783433de1f50ddc0ae9db4acb0de8cb0b875c82e6a4118007b8dc3a4e84be29a4b1d6a1fdb967461552f98dff27c39

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
48KB

MD5
86457eb563a31364e6279eaf7b40fee2

SHA1
c4bd3ee5cc01d1e2631f33f6d92d0d65984bcb04

SHA256
c151f535537379e162a70461ccbcf14fd877dec134d583301a9b4f213bf452a9

SHA512
c3b1a5228963b34e0fba2c9b53cb5b8cf4783433de1f50ddc0ae9db4acb0de8cb0b875c82e6a4118007b8dc3a4e84be29a4b1d6a1fdb967461552f98dff27c39

Download Submit
memory/1344-1-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/1344-3-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/1344-2-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/1344-0-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1344-16-0x00000000026C0000-0x00000000026D0000-memory.dmp

Filesize
64KB

Download
memory/1344-15-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1344-27-0x00000000026C0000-0x00000000026D0000-memory.dmp

Filesize
64KB

Download
memory/2632-18-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2632-20-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2632-19-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2632-28-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download