e250b1f4c1b78ef6687c5f07fdc121345fd3c544a2798092b73175f865dc75c7

Analysis

max time kernel
0s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-01_89abb9851919a4be0fd6829fb6feecca_cryptolocker.exe
Size

61KB
MD5

89abb9851919a4be0fd6829fb6feecca
SHA1

630d20bbd775418e8709e9d848807ce4ea412ebf
SHA256

e250b1f4c1b78ef6687c5f07fdc121345fd3c544a2798092b73175f865dc75c7
SHA512

393caa243b9c8d2c7b9ff3eb6bfc48e36b0ef9a87ecd3b5ebb280f2665f552e319c95b6e089c95a3b3e2ca3155da7cd8b11aad68dc45e8886b80aa50a1949346
SSDEEP

1536:X6QFElP6n+gJQMOtEvwDpjBccD2RuoNmuBLZ/C:X6a+SOtEvwDpjBrO6

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\2024-01-01_89abb9851919a4be0fd6829fb6feecca_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-01_89abb9851919a4be0fd6829fb6feecca_cryptolocker.exe"
1⤵
PID:4248
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  PID:1768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
30KB

MD5
73c60ac9bd0553dde42f85393c251954

SHA1
7099702da1db2392a4894c003414ec81eb7388db

SHA256
e1a74b8334773f9a77e5760d9fa482a8922b4862c7a3d8751b1959ecce66d308

SHA512
5fb1834ab6e1ebef957f87fb24e2d57b76861371e739f049a045cdce8d3fc0309a65acc9dd30aca9f96a47b8047e0176c3c9690709f7784eab8efd8d00e8c4de

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
5KB

MD5
53e537803c024187b158c01a390067ec

SHA1
72a6efbd40eb087c00f82a6e41b8fb7930e3f835

SHA256
361ab88716d5a68b0c65ae88b91fc482d6eda43532b0920e55baac7111bf9289

SHA512
93e9eba91346d4a3ced637c203c403091ef6416a4c5f4a374950941f417f9ba631b211e782ad456203a1f947aa772d66e2987b8d1252d4b0b7eec8a8defb8a76

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
61KB

MD5
2841319680d02f868041038f8f254c56

SHA1
d074a70e9315e2f242fe024d5fb6ddf0f75a4ac3

SHA256
dfcdbde09583a526d99d3e92fe5585ab45cbaa2e675441d9f4f5bdfe81e9cdc7

SHA512
363b8c2cfd24dd432dca5cd21cf17d27c4cad72f2893809385009c6660f1ee58a19055a5f36d584ee368b2c6505f724900996eea04837ae4897bdcd0f7dda20a

Download Submit
memory/1768-17-0x0000000000510000-0x0000000000516000-memory.dmp

Filesize
24KB

Download
memory/1768-23-0x00000000004E0000-0x00000000004E6000-memory.dmp

Filesize
24KB

Download
memory/4248-2-0x00000000021B0000-0x00000000021B6000-memory.dmp

Filesize
24KB

Download
memory/4248-1-0x0000000002190000-0x0000000002196000-memory.dmp

Filesize
24KB

Download
memory/4248-0-0x0000000002190000-0x0000000002196000-memory.dmp

Filesize
24KB

Download