ff86dcf5bc96c2c02bc92892f6026aeeeb5b167da778b1e86104046e2b61e549

Analysis

max time kernel
151s
max time network
157s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 06:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-11_8a1b1e82834662e1d919c623a52ef163_cryptolocker.exe
Size

48KB
MD5

8a1b1e82834662e1d919c623a52ef163
SHA1

e743caf390cfc416bf4fd202b92af70fc66e23cb
SHA256

ff86dcf5bc96c2c02bc92892f6026aeeeb5b167da778b1e86104046e2b61e549
SHA512

b1c5a84e74a71b51193ecb1299aa9c7a242a7202ac704b64fc8069f2d0566e886815da02e55af91af43624b3dc5072eca0458503fc2103fc8f5bcd70e671a156
SSDEEP

768:X6LsoEEeegiZPvEhHSG+gp/BtOOtEvwDpjBVaD3E09viE:X6QFElP6n+gJBMOtEvwDpjBtE9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2728	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2024	2024-01-11_8a1b1e82834662e1d919c623a52ef163_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2728	2024	2024-01-11_8a1b1e82834662e1d919c623a52ef163_cryptolocker.exe	22
PID 2024 wrote to memory of 2728	2024	2024-01-11_8a1b1e82834662e1d919c623a52ef163_cryptolocker.exe	22
PID 2024 wrote to memory of 2728	2024	2024-01-11_8a1b1e82834662e1d919c623a52ef163_cryptolocker.exe	22
PID 2024 wrote to memory of 2728	2024	2024-01-11_8a1b1e82834662e1d919c623a52ef163_cryptolocker.exe	22

C:\Users\Admin\AppData\Local\Temp\2024-01-11_8a1b1e82834662e1d919c623a52ef163_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-11_8a1b1e82834662e1d919c623a52ef163_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
48KB

MD5
ef25e60e25d7b185f79d6bb568ac7b21

SHA1
8e867f4d5d34d56e8e2c3909729c1c1da11ec13e

SHA256
e0d98b7620421d4a4eb3942c22769717ba265f14aac395cfd7d116c1c7553162

SHA512
5f16d75643c89a0aaffe6e764e7d79e4447404238c9314b4675c0fee98f3a9af9b1194cafbd6bf0ba416c7ac70f0b8418d65ffe9faebc2d4dbb1fbbfad669002

Download Submit
memory/2024-0-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2024-2-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2024-1-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2728-22-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2728-15-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download