11b4fbb23fbccd1d9c0d5d41f76896bf680072c52c7bb41703319391b325e4fe

Analysis

max time kernel
130s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 06:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-11_6c4f6348eb062adc04777d00bae2470e_cryptolocker.exe
Size

51KB
MD5

6c4f6348eb062adc04777d00bae2470e
SHA1

35d1b4000cdd336c022143d82f5f13c0daf14b7e
SHA256

11b4fbb23fbccd1d9c0d5d41f76896bf680072c52c7bb41703319391b325e4fe
SHA512

fcf2df46ae95d2461071847b7738d5ac940bf1f24cbb849186322bd0c60c53270b4977af24b00ae579dd63fd265d738fae0bb6d72392f85750e13ef8c1c94e7b
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/BtOOtEvwDpjBVaD3E09vaTiSfQaVg/:X6QFElP6n+gJBMOtEvwDpjBtE1ye

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3044	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1852	2024-01-11_6c4f6348eb062adc04777d00bae2470e_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 3044	1852	2024-01-11_6c4f6348eb062adc04777d00bae2470e_cryptolocker.exe	16
PID 1852 wrote to memory of 3044	1852	2024-01-11_6c4f6348eb062adc04777d00bae2470e_cryptolocker.exe	16
PID 1852 wrote to memory of 3044	1852	2024-01-11_6c4f6348eb062adc04777d00bae2470e_cryptolocker.exe	16
PID 1852 wrote to memory of 3044	1852	2024-01-11_6c4f6348eb062adc04777d00bae2470e_cryptolocker.exe	16

C:\Users\Admin\AppData\Local\Temp\2024-01-11_6c4f6348eb062adc04777d00bae2470e_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-11_6c4f6348eb062adc04777d00bae2470e_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
38KB

MD5
ba84ebcde4ad8336683a8b258ead9411

SHA1
ce300766257d5bdd37975bbe681bad4fb78a13d0

SHA256
508d652438077febb9f62fdba9bd7433d078bf5b2f9d63f0ddd6396f72316fb1

SHA512
e003d46d9863400dba82f1cda410d15e4de6161a510fb123ac0918b2e0d800a6b7009a0ed80f5dc5b4764dab45b7a647b7166a4839523ec6be3d293293be968a

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
5KB

MD5
53e537803c024187b158c01a390067ec

SHA1
72a6efbd40eb087c00f82a6e41b8fb7930e3f835

SHA256
361ab88716d5a68b0c65ae88b91fc482d6eda43532b0920e55baac7111bf9289

SHA512
93e9eba91346d4a3ced637c203c403091ef6416a4c5f4a374950941f417f9ba631b211e782ad456203a1f947aa772d66e2987b8d1252d4b0b7eec8a8defb8a76

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
16KB

MD5
ba018698636599800a858c90bafbe288

SHA1
ebbf8c9fb676cf6fd16733e3b2e102d0fab12d5b

SHA256
9ca7c088b392675ee91407dd8b49155645c09d3998e4391a8fbfbaab03a9497d

SHA512
54be2f53464686989035afeba3d65ec6bcfef7e1ff2b84ecaa8d239f705f636df3c867ac46adce33b6a3ea2faf9f576c71f57e0c0f97b8bf1cad7af7843782a5

Download Submit
memory/1852-8-0x0000000000330000-0x0000000000336000-memory.dmp

Filesize
24KB

Download
memory/1852-1-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/1852-0-0x0000000000330000-0x0000000000336000-memory.dmp

Filesize
24KB

Download
memory/3044-15-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/3044-20-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download