7a26a413ba39fd898dc46258c3d93c292724db31378b12ead20afae17a557cbe

Analysis

max time kernel
0s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 05:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-01_d28a920958648608f2084d067501e707_cryptolocker.exe
Size

44KB
MD5

d28a920958648608f2084d067501e707
SHA1

e4a5048a59c4a612fefffc3eecebe434ef4d6637
SHA256

7a26a413ba39fd898dc46258c3d93c292724db31378b12ead20afae17a557cbe
SHA512

5e87246ebeed23dfdc98b1dbcc2cbcfcc6df1f85479d7090a6e54c34fac1219ea1e423dbd419e8187b36d0b1ade94d0ec6eaa2fe3ecf8c8468b05a55b7094c72
SSDEEP

768:qmOKYQDf5XdrDmjr5tOOtEvwDpjAajFEitQbDmoSQCVUBJUkQqAHBIG05WVwR:qmbhXDmjr5MOtEvwDpj5cDtKkQZQC0

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2484	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2440	2024-01-01_d28a920958648608f2084d067501e707_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2484	2440	2024-01-01_d28a920958648608f2084d067501e707_cryptolocker.exe	16
PID 2440 wrote to memory of 2484	2440	2024-01-01_d28a920958648608f2084d067501e707_cryptolocker.exe	16
PID 2440 wrote to memory of 2484	2440	2024-01-01_d28a920958648608f2084d067501e707_cryptolocker.exe	16
PID 2440 wrote to memory of 2484	2440	2024-01-01_d28a920958648608f2084d067501e707_cryptolocker.exe	16

C:\Users\Admin\AppData\Local\Temp\asih.exe
"C:\Users\Admin\AppData\Local\Temp\asih.exe"
1⤵
- Executes dropped EXE
PID:2484

C:\Users\Admin\AppData\Local\Temp\2024-01-01_d28a920958648608f2084d067501e707_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-01_d28a920958648608f2084d067501e707_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
1KB

MD5
3a8ec8b321a2392f8b002b34ecefa4cc

SHA1
8910e40735364772afab891a5a2c1ae0ea6dad55

SHA256
094c20e7eaff0122e0d3b77195ff5a50b3dd3bcb97ef0929558cb3368d3c2b2a

SHA512
5ecf3422e1ef61b835c0fdaca40cf87fdbafad7ecf11f9c442c7067bbc089946acb792bb1b6b6c5cb81eaead7f8fe79251505f3c0afdf17dd569e60d97c2e4f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
6KB

MD5
b831f0becdb61d4e02c6b0fbbc2a407f

SHA1
97af68e8c595c3defe32999c3741c6f29736cbe8

SHA256
9e176e43bae7b74b2cf066a5530cef5911e66a6453150f1e326c7ba6677a8143

SHA512
69579f965b81e8fa4edc6f375dd07d3f8bff6e4f2376b18432761bc2382222d9903d076806fc92f0e7acfacae6d3e1861ad57603d4eaee8838fdee9701916193

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
45KB

MD5
ba5013415d7536d05f5c491f75325bd4

SHA1
7ea85335fa9f140cee965df9d675eccb93272a17

SHA256
e15dc1c2758fc60dc2604cc4795ff13d5b55b8962d20ef6cdcb5c35fa5538afe

SHA512
0ccd395b45664c15749671cf4ee8761f12eab312e69b67bd5c3f1e7d0a36667a2b9177e3d7760660cfaecab7c3de1ee345a19cf7810b91747098644788860ed1

Download Submit
memory/2440-9-0x00000000004A0000-0x00000000004A6000-memory.dmp

Filesize
24KB

Download
memory/2440-15-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2440-2-0x00000000004E0000-0x00000000004E6000-memory.dmp

Filesize
24KB

Download
memory/2440-1-0x00000000004A0000-0x00000000004A6000-memory.dmp

Filesize
24KB

Download
memory/2440-0-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2484-18-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2484-20-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2484-17-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download