cb5337885deefc8013a3fdb814ae77979818bc3d22edfa1828db099c72317cb7

Analysis

max time kernel
1s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 05:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-01-10_f14a85dc9a0d9ce73fed8946539545e1_cryptolocker.exe
Size

65KB
MD5

f14a85dc9a0d9ce73fed8946539545e1
SHA1

f3d218c3173fc023fb512e1d767ed4cbdd6794a7
SHA256

cb5337885deefc8013a3fdb814ae77979818bc3d22edfa1828db099c72317cb7
SHA512

ef2e9242c6c27786ebf507abd0265c4d32063cf2059b5f7cef7b5919dd3cb7ba7c0aae1fd7707ccfb55ac0f8ded5c5e4906f65b93ec339bf4bd2c4d635a6981b
SSDEEP

1536:z6QFElP6n+gKmddpMOtEvwDpj9aYaFAvCbDa6k:z6a+CdOOtEvwDpjQHk

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2688	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2540	2024-01-10_f14a85dc9a0d9ce73fed8946539545e1_cryptolocker.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2540-1-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x0009000000012281-25.dat	upx
behavioral1/memory/2688-17-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x0009000000012281-16.dat	upx
behavioral1/memory/2540-15-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/2540-13-0x0000000001EB0000-0x0000000001EC0000-memory.dmp	upx
behavioral1/files/0x0009000000012281-11.dat	upx
behavioral1/memory/2688-27-0x0000000000500000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 2688	2540	2024-01-10_f14a85dc9a0d9ce73fed8946539545e1_cryptolocker.exe	14
PID 2540 wrote to memory of 2688	2540	2024-01-10_f14a85dc9a0d9ce73fed8946539545e1_cryptolocker.exe	14
PID 2540 wrote to memory of 2688	2540	2024-01-10_f14a85dc9a0d9ce73fed8946539545e1_cryptolocker.exe	14
PID 2540 wrote to memory of 2688	2540	2024-01-10_f14a85dc9a0d9ce73fed8946539545e1_cryptolocker.exe	14

C:\Users\Admin\AppData\Local\Temp\asih.exe
"C:\Users\Admin\AppData\Local\Temp\asih.exe"
1⤵
- Executes dropped EXE
PID:2688

C:\Users\Admin\AppData\Local\Temp\2024-01-10_f14a85dc9a0d9ce73fed8946539545e1_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-10_f14a85dc9a0d9ce73fed8946539545e1_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
49KB

MD5
dd36ae1d6f9a20f41c014b0821e301b6

SHA1
570e32a2f28353c1502e13b2e1dfd13f897ea04b

SHA256
582f5bab1d75f82bbf9b4f012417e5a66c165a01fac25a87fa9f57cda565ad7a

SHA512
9203121df5936a975d560f32e654c6b92711ee6aae12086b7363dc6783f8ec4858f0d1ae479917a50d1e11eded936634f7f3566a59957a6a156ccc27ceb4ed56

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
42KB

MD5
5cecaaf86b5610c4cf7982ac322e5bc2

SHA1
48b33f0520bd4acf6d75d3e1f63556630b38fdf7

SHA256
28d8d3b0a0947de5a8b92984d804b535213cba9507c0c640d574c03acef46450

SHA512
da9f00f1606237ff7ef3c8af95b7e899013055efd634ecceef39cca6722abae352c3eac24f01f7980b61ab0028adcfac0a8308d5dd75fe17ffe556bd1e1c5295

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
36KB

MD5
d4447053415489127385f0393cc4e321

SHA1
f4ec40ab95bb0b981c5b7943e60309bfb4895498

SHA256
51fbe1a4fb1639264afb33b331579fccd780521f1c400c32c6196f27cbd90683

SHA512
18db0bd82abb6d7a789eff2e4922428eda6d376da4a23427b79b00f8c723e9ce21c860ee6229ab07c274c34ee55f9e176ed15b7645dc7ecf2635bc96af78a723

Download Submit
memory/2540-13-0x0000000001EB0000-0x0000000001EC0000-memory.dmp

Filesize
64KB

Download
memory/2540-2-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download
memory/2540-15-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2540-1-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2540-3-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2540-0-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2688-26-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download
memory/2688-19-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/2688-17-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2688-27-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download