1810f1254b7898132e4f0214b6f85eef77cebfb1049f48a9eb0b3a62b610ae5a

Analysis

max time kernel
0s
max time network
80s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 05:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-09_76790c213a3b67a8e7ee6c3ef9d94f81_cryptolocker.exe
Size

61KB
MD5

76790c213a3b67a8e7ee6c3ef9d94f81
SHA1

6a683775ea3383873aa6c1f6e5698e591583411b
SHA256

1810f1254b7898132e4f0214b6f85eef77cebfb1049f48a9eb0b3a62b610ae5a
SHA512

320160eb3737024713778ed78734e733bdb206dfdb33b3d08565d721e263aa28e21635eef15b53c183bb86c3d3d39dea8479b31659eeacc9f12f5dab2749bb28
SSDEEP

768:P8mnjO6LsoEEeegiZPvEhHSG+gbum/kLyMro2GtOOtEvwDpjKvWxHCbSVaFn0jKx:P8mnK6QFElP6n+gymddpMOtEvwDpjYH

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4016	asih.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1540-0-0x0000000000500000-0x000000000050F311-memory.dmp	upx
behavioral2/files/0x000400000001e630-13.dat	upx
behavioral2/files/0x000400000001e630-16.dat	upx
behavioral2/memory/1540-18-0x0000000000500000-0x000000000050F311-memory.dmp	upx
behavioral2/memory/4016-17-0x0000000000500000-0x000000000050F311-memory.dmp	upx
behavioral2/memory/4016-27-0x0000000000500000-0x000000000050F311-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 4016	1540	Process not Found	19
PID 1540 wrote to memory of 4016	1540	Process not Found	19
PID 1540 wrote to memory of 4016	1540	Process not Found	19

C:\Users\Admin\AppData\Local\Temp\2024-01-09_76790c213a3b67a8e7ee6c3ef9d94f81_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-09_76790c213a3b67a8e7ee6c3ef9d94f81_cryptolocker.exe"
1⤵
PID:1540
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:4016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
61KB

MD5
61ead984bd29ff40ca7bc481ea3b2f1b

SHA1
6ab0f6f92705fd226d81874c9fd6e8fe7442e7c9

SHA256
803eade59c7a4db1eb6883b1493fdcef95e48610bba83074b21ac01061b643ba

SHA512
cbb8f26863c40939c55c9cb49b70e35ad911800cbecc125f40db6b854b13100d45d20390edce5256b7b11d998b5a67a9bf84497478a939592e8adc36a7df9a64

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
2KB

MD5
97c3c3997ae8ff7e27672de897308955

SHA1
ea38bc5688b90d13b49eea813bf6b8be52393173

SHA256
58d30c071a8e1e5850165847b5b15cfff14fc1cd0586b98fa1f741826b5ed8bb

SHA512
a8ac99b8e0818cfb9f0bc520aeed31d713c5fba016ded42aa07d54853f563fe412ae7a7b956c4303ab8b32cdd3d16abd4cfde0d38eb8e1764f1cbf4f3566aa6b

Download Submit
memory/1540-0-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download
memory/1540-1-0x00000000004E0000-0x00000000004E6000-memory.dmp

Filesize
24KB

Download
memory/1540-3-0x00000000005E0000-0x00000000005E6000-memory.dmp

Filesize
24KB

Download
memory/1540-2-0x00000000004E0000-0x00000000004E6000-memory.dmp

Filesize
24KB

Download
memory/1540-18-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download
memory/4016-20-0x0000000000750000-0x0000000000756000-memory.dmp

Filesize
24KB

Download
memory/4016-26-0x0000000000660000-0x0000000000666000-memory.dmp

Filesize
24KB

Download
memory/4016-17-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download
memory/4016-27-0x0000000000500000-0x000000000050F311-memory.dmp

Filesize
60KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads