e2ad65235c16cc843c980ef3718a2f38ca6ebc17f808fe3b9c0b605af7e38d5f

Analysis

max time kernel
2s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 05:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-01_08a6908fb704204ebbe7698bd66751f0_cryptolocker.exe
Size

35KB
MD5

08a6908fb704204ebbe7698bd66751f0
SHA1

abe819fa80dcbd24d1df412da34897e3151326d4
SHA256

e2ad65235c16cc843c980ef3718a2f38ca6ebc17f808fe3b9c0b605af7e38d5f
SHA512

411dc64792ccb43f332ac3c558fcbef2eed626a4755ee9ea684217721b5cc7c2225257b97f3dc144dd795d3293a265b74b9b13cdfecf96724a014f173e508a37
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBVaD3TP7Dt2:X6QFElP6n+gJQMOtEvwDpjBmzDI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2348	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2112	2024-01-01_08a6908fb704204ebbe7698bd66751f0_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2348	2112	2024-01-01_08a6908fb704204ebbe7698bd66751f0_cryptolocker.exe	18
PID 2112 wrote to memory of 2348	2112	2024-01-01_08a6908fb704204ebbe7698bd66751f0_cryptolocker.exe	18
PID 2112 wrote to memory of 2348	2112	2024-01-01_08a6908fb704204ebbe7698bd66751f0_cryptolocker.exe	18
PID 2112 wrote to memory of 2348	2112	2024-01-01_08a6908fb704204ebbe7698bd66751f0_cryptolocker.exe	18

C:\Users\Admin\AppData\Local\Temp\2024-01-01_08a6908fb704204ebbe7698bd66751f0_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-01_08a6908fb704204ebbe7698bd66751f0_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
26KB

MD5
1c3f253caeaadb2e3b7ffbfe1e3e0c80

SHA1
794afc69603a38825f622ef23601b1fca8ae1dce

SHA256
f2bdd46c558cb5bf8f5e41e35578e10a6f3ab7cb7d64ac3e524b7ffc0a35efa7

SHA512
a59538262e37ea5e24246aed66dd3d667a585897aa283462c717d15775df1f7740ed078d1d00517a9d28fed0e9cd8dfec18bc10670e94cbab90dceaf3aea9d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
1KB

MD5
8e51d16953e4694da7d5bb19ed880d84

SHA1
348adc5291a275c87198ba80f929f3d1528036c2

SHA256
64671f22ae537f8af697dac99f8c892b1e698d7beec13b972980bd71e0d8a1e0

SHA512
97b37c6419953ff2183365e4f994b6d7664bbc71e57373ccd1347b2355de7dfca810d6e0b3826eb7d787fbea08f0b393388afb21f498f8d26b30862f09136d1c

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
31KB

MD5
f7a7b0daa9fe4daf4e33627acdc56793

SHA1
be5774713241bfecc67ae5dfacd21a0d5a80d7c9

SHA256
6c511e01a85cef65b4eca42398fa3a7f18f2f345746ab7da03a1fa8dfde542b9

SHA512
7477d77d77ca79603d671521a0d4f355e367287470f0d95cbc8bb8243d79193bba16aab1faac5a723f4f8bae8cc10c35fda4e64a46aec40768d033974f0977f5

Download Submit
memory/2112-4-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/2112-1-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/2112-0-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/2348-16-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2348-15-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download