f38e256818e6b01260c6e67aef5d087ddf5ba4d9792a18cbbc3fc26eb8042299

Analysis

max time kernel
133s
max time network
154s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-01_a36b6bab6491287f04d16e33804218b4_cryptolocker.exe
Size

38KB
MD5

a36b6bab6491287f04d16e33804218b4
SHA1

7f4f6cc416f74d6e9b5e0b3f3351dd9b0adb6261
SHA256

f38e256818e6b01260c6e67aef5d087ddf5ba4d9792a18cbbc3fc26eb8042299
SHA512

994bedee148a03aad5f16e03b3e478486cc2dd0459e20f8ff48ac7fb6012e905dd2c027285b864236369318b7eb1216f50f96a6f6d20f435b97ad31ce21b9f92
SSDEEP

768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpjeJQLI3Jnoehy543yAZ:V6QFElP6n+gMQMOtEvwDpjeJQy1hySCa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2660	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1744	2024-01-01_a36b6bab6491287f04d16e33804218b4_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 2660	1744	2024-01-01_a36b6bab6491287f04d16e33804218b4_cryptolocker.exe	28
PID 1744 wrote to memory of 2660	1744	2024-01-01_a36b6bab6491287f04d16e33804218b4_cryptolocker.exe	28
PID 1744 wrote to memory of 2660	1744	2024-01-01_a36b6bab6491287f04d16e33804218b4_cryptolocker.exe	28
PID 1744 wrote to memory of 2660	1744	2024-01-01_a36b6bab6491287f04d16e33804218b4_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-01-01_a36b6bab6491287f04d16e33804218b4_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-01_a36b6bab6491287f04d16e33804218b4_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
39KB

MD5
0782446a27f47b7730380293d9e7d6e4

SHA1
78d790d4a1194635fe526503ad8c9a74bdf35a34

SHA256
65fe427a4d55a16b2d08f0fc79b41779879150062f9250ef5e06d015348af967

SHA512
f414d6aa6d6d1c5b2e96186fd841d9386e0028d5913cb43f0592cf6666f2ee3186f333a4a1f12dd25d47a20150b334a2d026a81467f403428356a9eedf2e6daf

Download Submit
memory/1744-0-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1744-3-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/1744-1-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/2660-15-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2660-19-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download