1d913d40dbe0f477d351dcd85607927888a56d01dababcfed96d8d2c626243d9

Analysis

max time kernel
0s
max time network
138s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 05:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-01-01_7657472a6c77b3bc8b38eabc09292512_cryptolocker.exe
Size

35KB
MD5

7657472a6c77b3bc8b38eabc09292512
SHA1

80877db0556f1dd14c29223f84348c5bac9db1c2
SHA256

1d913d40dbe0f477d351dcd85607927888a56d01dababcfed96d8d2c626243d9
SHA512

f5d3f35f62d70d81aaca804d947c3914e8944dd8c55cfcd2bcedf2e17e043e1cad53daa8c9f8d42ae6d6994734de1242c854a973cbc5d40b6e9935be296a7f30
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBVaD3TP7Dj:X6QFElP6n+gJQMOtEvwDpjBmzDj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2544	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2176	2024-01-01_7657472a6c77b3bc8b38eabc09292512_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2544	2176	2024-01-01_7657472a6c77b3bc8b38eabc09292512_cryptolocker.exe	15
PID 2176 wrote to memory of 2544	2176	2024-01-01_7657472a6c77b3bc8b38eabc09292512_cryptolocker.exe	15
PID 2176 wrote to memory of 2544	2176	2024-01-01_7657472a6c77b3bc8b38eabc09292512_cryptolocker.exe	15
PID 2176 wrote to memory of 2544	2176	2024-01-01_7657472a6c77b3bc8b38eabc09292512_cryptolocker.exe	15

C:\Users\Admin\AppData\Local\Temp\2024-01-01_7657472a6c77b3bc8b38eabc09292512_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-01_7657472a6c77b3bc8b38eabc09292512_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
35KB

MD5
dbf03a180cbda57eaf3ff08ad4d0f3b0

SHA1
6e65c00abb7ae7c0692ccc9a63f3c4127ef9a1b9

SHA256
c51ebc752af3cea3ffef31927bd162cd5729c33f0f14a7dd16b8700de8b92f9f

SHA512
17d8fcfa40b17843cd3ae748d6e9756af8e2f623b4861fc4e520eec2a8faa6785edde7333097137de5d02a0c13a157a88090f1f4f9c99c41b1a162d722c2f0da

Download Submit
memory/2176-0-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2176-2-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2176-1-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2544-22-0x00000000002D0000-0x00000000002D6000-memory.dmp

Filesize
24KB

Download
memory/2544-15-0x0000000000530000-0x0000000000536000-memory.dmp

Filesize
24KB

Download