a19f9b43b6e3b0e8492306b60a7c132db32128b3b69ab990ae776ca7f391bbc0

Analysis

max time kernel
2s
max time network
153s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 06:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-11_805e7da61f5532dcd0045bc736274be8_cryptolocker.exe
Size

100KB
MD5

805e7da61f5532dcd0045bc736274be8
SHA1

7ac65fec2366f7dc910187090eef4e53285f38e0
SHA256

a19f9b43b6e3b0e8492306b60a7c132db32128b3b69ab990ae776ca7f391bbc0
SHA512

ebaae3444f71ad964789523d27d9204ef78a3d0fd860fff79ee3c71b155d2142130379b39a8ddbd40c1398b8aa02d9883bc8ffb264fb303300ac401403b6cc66
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjQGYQbN/PKwNuj2GQi8Aoh:V6a+pOtEvwDpjtz9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2696	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2400	2024-01-11_805e7da61f5532dcd0045bc736274be8_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2696	2400	2024-01-11_805e7da61f5532dcd0045bc736274be8_cryptolocker.exe	28
PID 2400 wrote to memory of 2696	2400	2024-01-11_805e7da61f5532dcd0045bc736274be8_cryptolocker.exe	28
PID 2400 wrote to memory of 2696	2400	2024-01-11_805e7da61f5532dcd0045bc736274be8_cryptolocker.exe	28
PID 2400 wrote to memory of 2696	2400	2024-01-11_805e7da61f5532dcd0045bc736274be8_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-01-11_805e7da61f5532dcd0045bc736274be8_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-11_805e7da61f5532dcd0045bc736274be8_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
100KB

MD5
c3af4595c3fba97409847b4b40de7874

SHA1
289ed0e3766d0327c3745151fcac505a2dd1eca2

SHA256
5c7eb59f0b09efba378953a4dc75d80579cd38f3f424e837a193e59de714f05e

SHA512
11b22f8f521c6314222c4f4ee027eabfb4acadaa21a08410bea7ecf1d28e44b75b38219aaafdcd5e7095a7551a32d70e072e3c39027ffafefac044092223b235

Download Submit
memory/2400-0-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/2400-2-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download
memory/2400-1-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/2696-15-0x00000000002F0000-0x00000000002F6000-memory.dmp

Filesize
24KB

Download
memory/2696-21-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download