82a0858cbca51c5c44f815861642668609bb69853f3a98914488b75404c48419

Analysis

max time kernel
0s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11-01-2024 05:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-10_79272b79d999210e11dd2c8d51500a80_cryptolocker.exe
Size

130KB
MD5

79272b79d999210e11dd2c8d51500a80
SHA1

f21fa4af335e2e88956b8ef67cde7a49277b2c67
SHA256

82a0858cbca51c5c44f815861642668609bb69853f3a98914488b75404c48419
SHA512

389123a37b1f79cf1d23003a66960a5ec7713e58bdf5e78e5f021638fc9831fa36943496c160420c63af9b8968483c0a6ca469d7f017d5bbd5b765276bd66228
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjQGYQbxGYQbxGYQbO:V6a+pOtEvwDpjt22C

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3036	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2992	2024-01-10_79272b79d999210e11dd2c8d51500a80_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 3036	2992	2024-01-10_79272b79d999210e11dd2c8d51500a80_cryptolocker.exe	16
PID 2992 wrote to memory of 3036	2992	2024-01-10_79272b79d999210e11dd2c8d51500a80_cryptolocker.exe	16
PID 2992 wrote to memory of 3036	2992	2024-01-10_79272b79d999210e11dd2c8d51500a80_cryptolocker.exe	16
PID 2992 wrote to memory of 3036	2992	2024-01-10_79272b79d999210e11dd2c8d51500a80_cryptolocker.exe	16

C:\Users\Admin\AppData\Local\Temp\2024-01-10_79272b79d999210e11dd2c8d51500a80_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-10_79272b79d999210e11dd2c8d51500a80_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:3036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
85KB

MD5
e9ecf3de146aca49c368113ee12f676f

SHA1
cf0428cd3a22d98b91a654e0b43a1d233ff592f6

SHA256
a5066a09bae31431896f5286ea9182709c940432ac2638d87c54d0c9653f51dc

SHA512
72cb74c1eefa72645a17538279fb6c3880c965678a1224e3ac02309a577b5e08f4dcd85f7abce9f3014ea3b8ec384491b76af30d42f2737c4379c471eb097923

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
24KB

MD5
0914e84924f9c81ce3b5091b1f4cc3a5

SHA1
3ca151f9a4fb46ce4712899e911d1ef2be68a2f6

SHA256
cac0e4a8203e50860ebe60cd5f9c04ce11bf4b77e00e64d4d727842bab8c93c0

SHA512
61b176e780e92af44da849b13fb0823ebfc8fe2c365dcf44bf6e0382d62d245567ce04cf4acb4a629135ea1c3f5dcbaf87860fc23d20697972e91a2a5dd07e04

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
10KB

MD5
bf1a904764ea8ab444663d4b814b724a

SHA1
aa39b5c15926a72f70e29842144a633857f35609

SHA256
9d47d39301fd3f4174b49b3c93514462c7c9142fb20f33e762574412c2a54569

SHA512
30129780484e95fe65c30b03e391dcafe36cbdd0334fe62561d435e02de355426feb115b254a162765170139f07a301464dd01d13f7a4425304a6a2235ae5138

Download Submit
memory/2992-2-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2992-1-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2992-0-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/3036-15-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download