1810f1254b7898132e4f0214b6f85eef77cebfb1049f48a9eb0b3a62b610ae5a

Analysis

max time kernel
147s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 05:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-09_76790c213a3b67a8e7ee6c3ef9d94f81_cryptolocker.exe
Size

61KB
MD5

76790c213a3b67a8e7ee6c3ef9d94f81
SHA1

6a683775ea3383873aa6c1f6e5698e591583411b
SHA256

1810f1254b7898132e4f0214b6f85eef77cebfb1049f48a9eb0b3a62b610ae5a
SHA512

320160eb3737024713778ed78734e733bdb206dfdb33b3d08565d721e263aa28e21635eef15b53c183bb86c3d3d39dea8479b31659eeacc9f12f5dab2749bb28
SSDEEP

768:P8mnjO6LsoEEeegiZPvEhHSG+gbum/kLyMro2GtOOtEvwDpjKvWxHCbSVaFn0jKx:P8mnK6QFElP6n+gymddpMOtEvwDpjYH

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2216	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2148	2024-01-09_76790c213a3b67a8e7ee6c3ef9d94f81_cryptolocker.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2148-8-0x0000000000500000-0x000000000050F311-memory.dmp	upx
behavioral1/files/0x000a00000001224e-23.dat	upx
behavioral1/memory/2216-15-0x0000000000500000-0x000000000050F311-memory.dmp	upx
behavioral1/files/0x000a00000001224e-14.dat	upx
behavioral1/files/0x000a00000001224e-11.dat	upx
behavioral1/memory/2216-25-0x0000000000500000-0x000000000050F311-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2216	2148	2024-01-09_76790c213a3b67a8e7ee6c3ef9d94f81_cryptolocker.exe	24
PID 2148 wrote to memory of 2216	2148	2024-01-09_76790c213a3b67a8e7ee6c3ef9d94f81_cryptolocker.exe	24
PID 2148 wrote to memory of 2216	2148	2024-01-09_76790c213a3b67a8e7ee6c3ef9d94f81_cryptolocker.exe	24
PID 2148 wrote to memory of 2216	2148	2024-01-09_76790c213a3b67a8e7ee6c3ef9d94f81_cryptolocker.exe	24

C:\Users\Admin\AppData\Local\Temp\2024-01-09_76790c213a3b67a8e7ee6c3ef9d94f81_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-09_76790c213a3b67a8e7ee6c3ef9d94f81_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
49KB

MD5
ed4bffcdcbf5236fd6dde1dd7cbdf8ae

SHA1
c400721dd0f314c83588314bb2d1271a8c6b0524

SHA256
5ed82ae720a1a38ca0135a2c5e72ffb98f90b830834c9bb504ed45a943055b47

SHA512
68cad211d59356121b6c8764147c52c29aa036f713e6e7914a49ed88a3b13640d4015d8872bc1bd069d958f50c703f87273f0e29d36226282c28280cef0bfe41

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
56KB

MD5
02632d20e645a31fd43ebdf03f52e463

SHA1
1b122ac76ca89bd2b14fd71ad7b970ebd1d6eb0b

SHA256
be8cf57157428a15daaf900f66e2b990d909e775b53996c1c9034f2a2f238694

SHA512
9cee596450bd3de67ad12863347bae5acf988c8ae45230b6e6381351f3bcfbb29c8a9824aacfc1a2398d287da424e8b0100844d594841115c5b712b052f3df25

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
61KB

MD5
61ead984bd29ff40ca7bc481ea3b2f1b

SHA1
6ab0f6f92705fd226d81874c9fd6e8fe7442e7c9

SHA256
803eade59c7a4db1eb6883b1493fdcef95e48610bba83074b21ac01061b643ba

SHA512
cbb8f26863c40939c55c9cb49b70e35ad911800cbecc125f40db6b854b13100d45d20390edce5256b7b11d998b5a67a9bf84497478a939592e8adc36a7df9a64

Download Submit
memory/2148-8-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download
memory/2148-9-0x00000000001E0000-0x00000000001E6000-memory.dmp

Filesize
24KB

Download
memory/2148-1-0x00000000004F0000-0x00000000004F6000-memory.dmp

Filesize
24KB

Download
memory/2148-0-0x00000000001E0000-0x00000000001E6000-memory.dmp

Filesize
24KB

Download
memory/2216-24-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2216-17-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2216-15-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download
memory/2216-25-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download