7137761dee9da74404884e8f19d1c072297b4e9485ad31aadb67c9dc5eccb252

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
23/10/2023, 18:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.2023-09-06_94c093b0b81fbecd3357a15a202613c3_cryptolocker_JC.exe
Size

33KB
MD5

94c093b0b81fbecd3357a15a202613c3
SHA1

71e81df91e36ffce6419625f950031afa3b4a2ca
SHA256

7137761dee9da74404884e8f19d1c072297b4e9485ad31aadb67c9dc5eccb252
SHA512

d937c1d5df5c442db446297074c8a8b2eaa4477a0607d24ce3a9ee7ea66d53fcb2f8d052d05170a0b533dfe4cb9cb1f8e3b7f06b2604aa374616b66600eb004d
SSDEEP

768:wHGGaSawqnwjRQ6ESlmFOsPoOdQtOOtEvwDpjm6WaJIOc+UPPg:YGzl5wjRQBBOsP1QMOtEvwDpjgar9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2072	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2836	NEAS.2023-09-06_94c093b0b81fbecd3357a15a202613c3_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 2072	2836	NEAS.2023-09-06_94c093b0b81fbecd3357a15a202613c3_cryptolocker_JC.exe	28
PID 2836 wrote to memory of 2072	2836	NEAS.2023-09-06_94c093b0b81fbecd3357a15a202613c3_cryptolocker_JC.exe	28
PID 2836 wrote to memory of 2072	2836	NEAS.2023-09-06_94c093b0b81fbecd3357a15a202613c3_cryptolocker_JC.exe	28
PID 2836 wrote to memory of 2072	2836	NEAS.2023-09-06_94c093b0b81fbecd3357a15a202613c3_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-06_94c093b0b81fbecd3357a15a202613c3_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-06_94c093b0b81fbecd3357a15a202613c3_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
33KB

MD5
7f94ed180de3eccedb827b2c4bcaae5d

SHA1
b3fd9cdfd087bdbc5cc9eef634dba84ae61ebc29

SHA256
0b2a8bc2a0756a9ab266a95f2cf408155cd5b457b00ff6dadc2b414ae82cf205

SHA512
08bd781f0d3a3153732122cbf06d7f6a3d0821d66d8930aef2c4c9d3dc5957692aa35e3b40848b3aa3e01c1afa2cc5170f734b8cf3c3847712abcc0141637434

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
33KB

MD5
7f94ed180de3eccedb827b2c4bcaae5d

SHA1
b3fd9cdfd087bdbc5cc9eef634dba84ae61ebc29

SHA256
0b2a8bc2a0756a9ab266a95f2cf408155cd5b457b00ff6dadc2b414ae82cf205

SHA512
08bd781f0d3a3153732122cbf06d7f6a3d0821d66d8930aef2c4c9d3dc5957692aa35e3b40848b3aa3e01c1afa2cc5170f734b8cf3c3847712abcc0141637434

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
33KB

MD5
7f94ed180de3eccedb827b2c4bcaae5d

SHA1
b3fd9cdfd087bdbc5cc9eef634dba84ae61ebc29

SHA256
0b2a8bc2a0756a9ab266a95f2cf408155cd5b457b00ff6dadc2b414ae82cf205

SHA512
08bd781f0d3a3153732122cbf06d7f6a3d0821d66d8930aef2c4c9d3dc5957692aa35e3b40848b3aa3e01c1afa2cc5170f734b8cf3c3847712abcc0141637434

Download Submit
memory/2072-16-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/2072-18-0x0000000000380000-0x0000000000386000-memory.dmp

Filesize
24KB

Download
memory/2072-25-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/2836-0-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/2836-1-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2836-2-0x0000000000390000-0x0000000000396000-memory.dmp

Filesize
24KB

Download
memory/2836-3-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2836-14-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download