099b714ec3b29fd0b4e711444ff7140a662e340cecee2a0c063b9b110753f2e1

Analysis

max time kernel
0s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09-01-2024 06:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-08_216bc5d524a0ea5a8b6c06909c9534f1_cryptolocker.exe
Size

46KB
MD5

216bc5d524a0ea5a8b6c06909c9534f1
SHA1

e8d82334085b399ef1660e2837ec3066ee98b5d3
SHA256

099b714ec3b29fd0b4e711444ff7140a662e340cecee2a0c063b9b110753f2e1
SHA512

bb599d63006fa09db083a7680ab64c54a8986e610178b656fdc6493fd83f5a6c9bc32cbb68b08efe9c4ad6a6a97009dc183dfa10803cc215b0ceea09b1fe4939
SSDEEP

768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpjeJQ7suIlsw92KFXpQenx:V6QFElP6n+gMQMOtEvwDpjeJQ7pojkE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3004	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
3064	2024-01-08_216bc5d524a0ea5a8b6c06909c9534f1_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 3004	3064	2024-01-08_216bc5d524a0ea5a8b6c06909c9534f1_cryptolocker.exe	16
PID 3064 wrote to memory of 3004	3064	2024-01-08_216bc5d524a0ea5a8b6c06909c9534f1_cryptolocker.exe	16
PID 3064 wrote to memory of 3004	3064	2024-01-08_216bc5d524a0ea5a8b6c06909c9534f1_cryptolocker.exe	16
PID 3064 wrote to memory of 3004	3064	2024-01-08_216bc5d524a0ea5a8b6c06909c9534f1_cryptolocker.exe	16

C:\Users\Admin\AppData\Local\Temp\2024-01-08_216bc5d524a0ea5a8b6c06909c9534f1_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-08_216bc5d524a0ea5a8b6c06909c9534f1_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
46KB

MD5
c36a38a8e88de2cbe1e4b9c459915919

SHA1
c5998db0c519a2d6865fcdaf57470f09d6f11df3

SHA256
816ab39845a1d1ea9a7a3feedb6dc52aa81cce9356edb6783e25108177186f39

SHA512
5eea9bcb51f0287f0d38586289a856fad317c1a7d43cf99a20c2d921ec1df75420ecf5a5e6ac0436d493171f19368d6d17ed1f8b7fea147d0ec26a1ec466ba74

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
37KB

MD5
9861ee910d7d33f7652bf228cc62ce4c

SHA1
e061f8b943f9d5aa1b37ec584d1f81457c516ebe

SHA256
2f8ee6aec6f4fb0dfbc4ad59fe2d0fbed1aabf362193c1bda6f7c1536a04a8ba

SHA512
e0f5c13c10cd3cf4e6392596804cc589430ec9ee2a569a9fa7454984deab60b5e3b801366a11d4c227d18d5fdfa7da33f83df902eaf786cf80e3ee805503491b

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
15KB

MD5
af1023284d5351698e7fb720d178bd19

SHA1
4b2ed47d6611501ee9d50eafd59a1f574a28f452

SHA256
20001c518f3349c2ed39e43cd74b613d884f58faa3964fe38636403dd905e10a

SHA512
459b3e236abdd78032f93f1851e824bd8da844e4b91f1c1c989b15398e9d6396de8bd70d5eadd732c33353fc9376efbc90057c972ebf036c03dce09b3c628650

Download Submit
memory/3004-22-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download
memory/3004-15-0x0000000000460000-0x0000000000466000-memory.dmp

Filesize
24KB

Download
memory/3064-8-0x0000000000440000-0x0000000000446000-memory.dmp

Filesize
24KB

Download
memory/3064-1-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/3064-0-0x0000000000440000-0x0000000000446000-memory.dmp

Filesize
24KB

Download