dd7a0fabf586d7cd4152ec58a2d171cac1c4d9ac59d4431776ba16b7b291b3c1

Analysis

max time kernel
169s
max time network
172s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-01-2024 06:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-11_c45ac7c72e04440dea3c7b750b91acdc_cryptolocker.exe
Size

45KB
MD5

c45ac7c72e04440dea3c7b750b91acdc
SHA1

a19788bdaf48f7541e60ac498146af13857b6f53
SHA256

dd7a0fabf586d7cd4152ec58a2d171cac1c4d9ac59d4431776ba16b7b291b3c1
SHA512

afe4f506c211108f98240e6d18db521d0c1eb624afeef62390e9f3ec4d29d36bd1943c9c0aab8b0506b94af657dd825dd2efbe0acb3400173a08878886b1d922
SSDEEP

768:wHGGaSawqnwjRQ6ESlmFOsPoOdQtOOtEvwDpjm6j4AYsqSh+DETkedmhTTHFAP:YGzl5wjRQBBOsP1QMOtEvwDpjl39+D+/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2804	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1404	2024-01-11_c45ac7c72e04440dea3c7b750b91acdc_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 2804	1404	2024-01-11_c45ac7c72e04440dea3c7b750b91acdc_cryptolocker.exe	27
PID 1404 wrote to memory of 2804	1404	2024-01-11_c45ac7c72e04440dea3c7b750b91acdc_cryptolocker.exe	27
PID 1404 wrote to memory of 2804	1404	2024-01-11_c45ac7c72e04440dea3c7b750b91acdc_cryptolocker.exe	27
PID 1404 wrote to memory of 2804	1404	2024-01-11_c45ac7c72e04440dea3c7b750b91acdc_cryptolocker.exe	27

C:\Users\Admin\AppData\Local\Temp\2024-01-11_c45ac7c72e04440dea3c7b750b91acdc_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-11_c45ac7c72e04440dea3c7b750b91acdc_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
45KB

MD5
c26aecd6968ab1f32b89467573681c85

SHA1
38189f1963c375c6b5d76ea36c0f55bf9ef16026

SHA256
fb0213834d0faac5614d7f2cfe8caae985a669d6c5e8b8e032c4755ca6fbdf83

SHA512
2026e167386b6b1a1e832d234e1ca362bdcc0306fb54b3f9144d9f2b7f6c34c63a8a1a97818a7359b376cde97b70f5ccb244628cb4ec49224e9a75bca6d6e906

Download Submit
memory/1404-1-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/1404-0-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/1404-3-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download
memory/1404-2-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/1404-15-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/2804-18-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2804-24-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2804-17-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download