5d2685aad54e089c312ae31c0cc4eec0f5f6da77c5f8b2e236a2a7bc90f99cf5

Analysis

max time kernel
1s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 06:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-08_c5dae3e2c76f56060f6d640ae2f8120d_cryptolocker.exe
Size

43KB
MD5

c5dae3e2c76f56060f6d640ae2f8120d
SHA1

04b90d8f9902991d3d18a03c5580ea69e65ce6ce
SHA256

5d2685aad54e089c312ae31c0cc4eec0f5f6da77c5f8b2e236a2a7bc90f99cf5
SHA512

646c450cc108337e4c0661a536fa6718898dc9d752e8651c6287652658c13abc7c171de9560e2130f1c9b19555ed1193573eda29d6f6a5eed7af59df3177c056
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBaaEqbIu55N:X6QFElP6n+gJQMOtEvwDpjB0GIWN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2720	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2168	2024-01-08_c5dae3e2c76f56060f6d640ae2f8120d_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2720	2168	2024-01-08_c5dae3e2c76f56060f6d640ae2f8120d_cryptolocker.exe	16
PID 2168 wrote to memory of 2720	2168	2024-01-08_c5dae3e2c76f56060f6d640ae2f8120d_cryptolocker.exe	16
PID 2168 wrote to memory of 2720	2168	2024-01-08_c5dae3e2c76f56060f6d640ae2f8120d_cryptolocker.exe	16
PID 2168 wrote to memory of 2720	2168	2024-01-08_c5dae3e2c76f56060f6d640ae2f8120d_cryptolocker.exe	16

C:\Users\Admin\AppData\Local\Temp\2024-01-08_c5dae3e2c76f56060f6d640ae2f8120d_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-08_c5dae3e2c76f56060f6d640ae2f8120d_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
44KB

MD5
b87889a496af543e1c1d45b2896f4d51

SHA1
c94acc3f096f619a4d66100c69690dadc44f7998

SHA256
e66b22bfb699b22e3604b83f9ab368dc367dd0660a44d20999891ff5f01472d5

SHA512
6a15875ce10f1d0c88bb67f5dc5e5e39c3249aa94ef991426f4020b8afbe0f150212633d05bdd6b169f2bbd74392991585fe0ed269d8cd34a6ba50770498d6a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
18KB

MD5
a82134c71accd057df90a2b9e890b9af

SHA1
c8b066a77c696a24825e8520f46b0747aeaa79a9

SHA256
0d23dcfa0cebf2251d31cd347a648ecab9042b401f087f878c456f0f19b2e104

SHA512
861b76a0157d54c7bddcd33e5559b16173ff5ceff6ebf2f3fab02df8eecdd6a658f63cbe9fe6aae83e81e8307d2b0f6f23f236800da9ab0c79fa7bfd4cd1c423

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
9KB

MD5
97e877608c6514cf5ccb09c81218b429

SHA1
0b48cddd603a05302c7dbcbd21a90fc184eca66c

SHA256
16a4fdb3b121b5fb7665d97a590735bbe6b60be2b99f7971f5fd6d03ea73c134

SHA512
793b76cf05b475e173d62dd76a154c4851bced0de0b8c69f12a2fcb0559a6d66ef6aa376cb93fe983ed85e37cb679b159c99ba7bb9cbd28a3e28b29447190dd2

Download Submit
memory/2168-1-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2168-3-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2168-0-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download