09db4190fd9c556af6c8212803fe06a9ae5b81f18b09c7fe6894cfbe4ce926c2

Analysis

max time kernel
1s
max time network
156s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 06:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-08_bda1fe46ca7dd2c4f392ec9bf23e7e23_cryptolocker.exe
Size

43KB
MD5

bda1fe46ca7dd2c4f392ec9bf23e7e23
SHA1

e18351429997e7e87d44b48e4d461d74a94f3a1b
SHA256

09db4190fd9c556af6c8212803fe06a9ae5b81f18b09c7fe6894cfbe4ce926c2
SHA512

812189be79720e6a955937bc8585172ad06f2628eed76a7205495fe0f565e5fd331be389e5190148dd21359e588dd2768cf45e790f5e990a91752a8158f9d452
SSDEEP

768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpj/MLaHaMMm2X3a:V6QFElP6n+gMQMOtEvwDpjyaHaXY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2728	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2512	2024-01-08_bda1fe46ca7dd2c4f392ec9bf23e7e23_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2728	2512	2024-01-08_bda1fe46ca7dd2c4f392ec9bf23e7e23_cryptolocker.exe	16
PID 2512 wrote to memory of 2728	2512	2024-01-08_bda1fe46ca7dd2c4f392ec9bf23e7e23_cryptolocker.exe	16
PID 2512 wrote to memory of 2728	2512	2024-01-08_bda1fe46ca7dd2c4f392ec9bf23e7e23_cryptolocker.exe	16
PID 2512 wrote to memory of 2728	2512	2024-01-08_bda1fe46ca7dd2c4f392ec9bf23e7e23_cryptolocker.exe	16

C:\Users\Admin\AppData\Local\Temp\2024-01-08_bda1fe46ca7dd2c4f392ec9bf23e7e23_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-08_bda1fe46ca7dd2c4f392ec9bf23e7e23_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
5KB

MD5
02564db53f8782d2729dcf7eed5ddff9

SHA1
44a1ee377899029240cee588db7a6e38da041d45

SHA256
fece98040c7a3fe46641dc1a6323353a023a51f062e7d717f8a73be4bfc0c89c

SHA512
437e09d79e484776083fa150786002544cb523e1b8ad72e3e1cb6bfa16975b0953bbba16508193d51ae59a1486a5136900c66d73b2a0d8d4384dfd77f40c53ce

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
13KB

MD5
030a293aa3572abd06f0009cb3503d79

SHA1
4f06a96ded07edc243e6f542d63f92a064a3695e

SHA256
a599b4e7ca0080d27c367df014bb57c0a7ac3234c6bd8e60d230c4a296f03d3c

SHA512
882582f3a3a272f6e5e6ba663b1759a81c9268ec362853ed0589c9c87b9fb91da995c8c7b583db8916aa4bcb41862448f95655c260ab1871f652664f1163e6fa

Download Submit
memory/2512-0-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2512-2-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2512-1-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download