Analysis

  • max time kernel
    0s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/01/2024, 06:37

General

  • Target

    2024-01-08_1a1279a80c9f22d1f0a4d0fc8e86b6c3_cryptolocker.exe

  • Size

    91KB

  • MD5

    1a1279a80c9f22d1f0a4d0fc8e86b6c3

  • SHA1

    98993b458de66f8f8cb92d0d2be3cf2739957372

  • SHA256

    a661c12cdda38384bafed713d1a76e9db76123eac9c3c745aa2148134942c41d

  • SHA512

    82be3ffa610996c42e8bfe68384e673eed19687193b75099aa66d2bd316adf532c5d8641e5f98936497aa387c61acd0d6d99a7d538ac96deda905811e17fce7c

  • SSDEEP

    1536:qkmnpomddpMOtEvwDpjJGYQbN/PKwNgp01K:AnBdOOtEvwDpj6zM

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-08_1a1279a80c9f22d1f0a4d0fc8e86b6c3_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-08_1a1279a80c9f22d1f0a4d0fc8e86b6c3_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1528

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    1KB

    MD5

    97a3f352fa15ffe31601bd0598642563

    SHA1

    6ec50c0cc7b0162de2f240d5a26476d47fdadd49

    SHA256

    66a0e618a7e8cda430bd50a002ee016a6357cb2153ac906453a87a42537b6e8e

    SHA512

    c32f233b6929d6186bf4bdeb882ec9f393c060b8ae81d479558a03cc402c91541d473e1178548dc7cb7c3355ad303e986640f18bb2599282e45528b29393823f

  • C:\Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    5KB

    MD5

    3c0e25dcb8a5d4052322fad2bca96ab2

    SHA1

    01a78250096567cb1d4c78b1a65e8e23c058e4c0

    SHA256

    b81b617b2a3079cae18f44ef5d41fbf8fc3fff08be75867e5a3c190592f09e3d

    SHA512

    1a69b318e6148d39e3ad4da86c5e9f0cf9e4cdaa16731981a404e547882b59e891bfa7fc67f59cf8d77ae19c9b30863edd7155fc644c6f500e7f01083839720c

  • \Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    18KB

    MD5

    89f4b48b15b1c1562b49ebd727936560

    SHA1

    5ee2ce2df38037f1a10543459150c3d8d99fd927

    SHA256

    7af298fc4ef133778e0fdc57da14c60ac8885a09943ecce65a2db309a6e3f2be

    SHA512

    3f92da2cf9263def2f922b9ccf3755b946ff23fed378564c5377d5491493a41f0303feb62524fe23d244479af0c95eeee17bbab81f180c541677d85e31f0c968

  • memory/1528-17-0x0000000000480000-0x0000000000486000-memory.dmp

    Filesize

    24KB

  • memory/1528-23-0x0000000000440000-0x0000000000446000-memory.dmp

    Filesize

    24KB

  • memory/1528-25-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

  • memory/2112-1-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

  • memory/2112-0-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB

  • memory/2112-2-0x0000000000360000-0x0000000000366000-memory.dmp

    Filesize

    24KB

  • memory/2112-15-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

  • memory/2112-9-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB