b2b55f50e254ca7a62a4e024fd86f4c83f5c8b864ad25e69868d6c1f373434a4

Analysis

max time kernel
149s
max time network
166s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
06/11/2023, 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.2023-09-27_6875f81f7b0435f4b345aa0204cac75a_cryptolocker.exe
Size

115KB
MD5

6875f81f7b0435f4b345aa0204cac75a
SHA1

88bf970a696ff0ff5c2d7de5384812cc53a04eb4
SHA256

b2b55f50e254ca7a62a4e024fd86f4c83f5c8b864ad25e69868d6c1f373434a4
SHA512

54d53d8b216c811cc82b215254e1a2f87d4ca0c192e37e2a5ce52aba69b26ef8f9e6aa7c3c5e3f40cba26e5fa3e84cc7dc22f78611d01d903d44147cc15a8baa
SSDEEP

1536:T6QFElP6n+gxmddpMOtEvwDpjCGYQbN/PKwNgerar/A:T6a+rdOOtEvwDpjLzx

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1704	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2104	NEAS.2023-09-27_6875f81f7b0435f4b345aa0204cac75a_cryptolocker.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2104-0-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x000e00000001201d-11.dat	upx
behavioral1/files/0x000e00000001201d-14.dat	upx
behavioral1/memory/2104-15-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x000e00000001201d-23.dat	upx
behavioral1/memory/1704-24-0x0000000000500000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 1704	2104	NEAS.2023-09-27_6875f81f7b0435f4b345aa0204cac75a_cryptolocker.exe	28
PID 2104 wrote to memory of 1704	2104	NEAS.2023-09-27_6875f81f7b0435f4b345aa0204cac75a_cryptolocker.exe	28
PID 2104 wrote to memory of 1704	2104	NEAS.2023-09-27_6875f81f7b0435f4b345aa0204cac75a_cryptolocker.exe	28
PID 2104 wrote to memory of 1704	2104	NEAS.2023-09-27_6875f81f7b0435f4b345aa0204cac75a_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-27_6875f81f7b0435f4b345aa0204cac75a_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-27_6875f81f7b0435f4b345aa0204cac75a_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:1704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
115KB

MD5
b794bfa0c768cc4ba25e76cb7455f8f7

SHA1
63016fe1e9ef92ae8908bf151c25ca8c2d0869d8

SHA256
6eea38922b3fbe55bf3a01be4fa0cf7a87b2687497131554e01feddab1e9bbd2

SHA512
921e50a1d0b889714f91475dafc7dea7d0356c8745d2b3b7129f0c4474cea3997118cc3012026a6f0e77caf163c1e6be8fb60c22ebda68004b28fac7cbce8573

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
115KB

MD5
b794bfa0c768cc4ba25e76cb7455f8f7

SHA1
63016fe1e9ef92ae8908bf151c25ca8c2d0869d8

SHA256
6eea38922b3fbe55bf3a01be4fa0cf7a87b2687497131554e01feddab1e9bbd2

SHA512
921e50a1d0b889714f91475dafc7dea7d0356c8745d2b3b7129f0c4474cea3997118cc3012026a6f0e77caf163c1e6be8fb60c22ebda68004b28fac7cbce8573

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
115KB

MD5
b794bfa0c768cc4ba25e76cb7455f8f7

SHA1
63016fe1e9ef92ae8908bf151c25ca8c2d0869d8

SHA256
6eea38922b3fbe55bf3a01be4fa0cf7a87b2687497131554e01feddab1e9bbd2

SHA512
921e50a1d0b889714f91475dafc7dea7d0356c8745d2b3b7129f0c4474cea3997118cc3012026a6f0e77caf163c1e6be8fb60c22ebda68004b28fac7cbce8573

Download Submit
memory/1704-17-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/1704-24-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2104-0-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2104-1-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2104-2-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2104-3-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/2104-15-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download