c3a987bc4458c889ff1dc29e87416b5000fcbd475c56b1a8fe3f14afff318637

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 06:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-11_82956a6629cabec8408b5dac25c30586_cryptolocker.exe
Size

58KB
MD5

82956a6629cabec8408b5dac25c30586
SHA1

3b1bdcc390ab9c4c0eeebd82f33c6c1da5f3adfd
SHA256

c3a987bc4458c889ff1dc29e87416b5000fcbd475c56b1a8fe3f14afff318637
SHA512

435bd49cf3788b5b776532a37fbbca0e93334bcdae99e9b82981de9044d834f3812c156c752e261c65616dec6ccec3226770ed3e78b190286d65fc2891e44d95
SSDEEP

768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpj/MLa5VccPt547/Gfa:V6QFElP6n+gMQMOtEvwDpjyaLccVCbma

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2792	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2224	2024-01-11_82956a6629cabec8408b5dac25c30586_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2792	2224	2024-01-11_82956a6629cabec8408b5dac25c30586_cryptolocker.exe	28
PID 2224 wrote to memory of 2792	2224	2024-01-11_82956a6629cabec8408b5dac25c30586_cryptolocker.exe	28
PID 2224 wrote to memory of 2792	2224	2024-01-11_82956a6629cabec8408b5dac25c30586_cryptolocker.exe	28
PID 2224 wrote to memory of 2792	2224	2024-01-11_82956a6629cabec8408b5dac25c30586_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-01-11_82956a6629cabec8408b5dac25c30586_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-11_82956a6629cabec8408b5dac25c30586_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
59KB

MD5
1ed57f44b5e06cfa32c3e9c9c1db71e1

SHA1
5af2929422d2644f14a2e6a133f912ce32c96906

SHA256
3af4c2e2ff2b79a1d413606ca51627fa93c8b421de503fab64e2ebf305ade32a

SHA512
62a712d9f6a8cc8fd5276e0a9f3281999c84b04900700259dcf7d5477a5c1b3a4e5da234586b5ff58e8a01c3a2c33e6d2b500513d238ee952eaec5bf5df835d9

Download Submit
memory/2224-0-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/2224-1-0x0000000000350000-0x0000000000356000-memory.dmp

Filesize
24KB

Download
memory/2224-2-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/2792-15-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2792-20-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download