bc716d9571830a83cbf3073882ff520c525470e907a48b9898f55a69eff55b0f

Analysis

max time kernel
132s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 05:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-01_41f08ab9bb3d0648a1c9646c96efaaaf_cryptolocker.exe
Size

51KB
MD5

41f08ab9bb3d0648a1c9646c96efaaaf
SHA1

4fc8f91b5fb5ad0234b22659a304f6c478c090ca
SHA256

bc716d9571830a83cbf3073882ff520c525470e907a48b9898f55a69eff55b0f
SHA512

cec5af32bdf5bd8def7c781d7c6e99314b51daf9f4f97777baa2ae9572a9e55130e3d05c82da6c1060fef3821d0c2eaa212a32f56ada18429e1bac5f25b376de
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/BtOOtEvwDpjBVaD3E09vaTiSfQa2yfR:X6QFElP6n+gJBMOtEvwDpjBtE1y2yfR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1720	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1708	2024-01-01_41f08ab9bb3d0648a1c9646c96efaaaf_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 1720	1708	2024-01-01_41f08ab9bb3d0648a1c9646c96efaaaf_cryptolocker.exe	28
PID 1708 wrote to memory of 1720	1708	2024-01-01_41f08ab9bb3d0648a1c9646c96efaaaf_cryptolocker.exe	28
PID 1708 wrote to memory of 1720	1708	2024-01-01_41f08ab9bb3d0648a1c9646c96efaaaf_cryptolocker.exe	28
PID 1708 wrote to memory of 1720	1708	2024-01-01_41f08ab9bb3d0648a1c9646c96efaaaf_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-01-01_41f08ab9bb3d0648a1c9646c96efaaaf_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-01_41f08ab9bb3d0648a1c9646c96efaaaf_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:1720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
51KB

MD5
45dcfa62267b546932fdde2207fac079

SHA1
bbf53cb137f35718ea0b3fd2bd0ffc0d1e831532

SHA256
94785d398991d17d8506464baa067aa94933644a9f85a7b7cc17f92dc4df2f83

SHA512
d2d20244e11fc1b505e8c723c516a2968bd7cdb4b26763a9b7200374b754044dc744edcb27583f99081a3ca5545207c2e59f306ea353b1cd7724b20db71ef70d

Download Submit
memory/1708-0-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1708-1-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download
memory/1708-3-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1720-15-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/1720-22-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download