6c27af7000160219377ea6c97116bab061dc98f4d8971fb4f96d67d1fb0e96de

Analysis

max time kernel
148s
max time network
156s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-02-04_b4f02ed22869232cbba90c2cc8ed4bd4_cryptolocker.exe
Size

83KB
MD5

b4f02ed22869232cbba90c2cc8ed4bd4
SHA1

97162e967ff77866cadf9cb4b54bfda99de34f61
SHA256

6c27af7000160219377ea6c97116bab061dc98f4d8971fb4f96d67d1fb0e96de
SHA512

6a4e4d5ba32a6d6f75bbb2544566289a7e3282190dc9079c7b087e1dd719aa832c82904a23ac071ebd6d558a21eaf617981f19e1ae65e27cbf6c69f065ffe709
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjyaLccVNlVSL8k:V6a+pOtEvwDpjvpu

Score

9^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 3 IoCs

resource	yara_rule
behavioral1/files/0x000900000001225b-13.dat	CryptoLocker_rule2
behavioral1/files/0x000900000001225b-22.dat	CryptoLocker_rule2
behavioral1/files/0x000900000001225b-10.dat	CryptoLocker_rule2

Detection of Cryptolocker Samples 3 IoCs

resource	yara_rule
behavioral1/files/0x000900000001225b-13.dat	CryptoLocker_set1
behavioral1/files/0x000900000001225b-22.dat	CryptoLocker_set1
behavioral1/files/0x000900000001225b-10.dat	CryptoLocker_set1

Executes dropped EXE 1 IoCs

pid	Process
2144	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1304	2024-02-04_b4f02ed22869232cbba90c2cc8ed4bd4_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 2144	1304	2024-02-04_b4f02ed22869232cbba90c2cc8ed4bd4_cryptolocker.exe	17
PID 1304 wrote to memory of 2144	1304	2024-02-04_b4f02ed22869232cbba90c2cc8ed4bd4_cryptolocker.exe	17
PID 1304 wrote to memory of 2144	1304	2024-02-04_b4f02ed22869232cbba90c2cc8ed4bd4_cryptolocker.exe	17
PID 1304 wrote to memory of 2144	1304	2024-02-04_b4f02ed22869232cbba90c2cc8ed4bd4_cryptolocker.exe	17

C:\Users\Admin\AppData\Local\Temp\2024-02-04_b4f02ed22869232cbba90c2cc8ed4bd4_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-04_b4f02ed22869232cbba90c2cc8ed4bd4_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
13KB

MD5
2bb476ed0aad73992a878eac04bdbe43

SHA1
07468008a7f490e353f1e80999e72473700f2ca6

SHA256
67cb6047cd025f93a3cf49475426f0c82dfd915029d354e8690e39133b7f3cd4

SHA512
3b35bb928d8093e3124ce6e078db62732264c70fb86188939987397e3744e05e50ec957fd57fac33b2614142e231d1cc8d1c954b4a9268c1635f3d7f75d5dcf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
1KB

MD5
38bdb2962954a31bd6dbf8a25af340c8

SHA1
3c84cef037dc858bdeef16b0af323d8c612ab81b

SHA256
46184ab758b111e4f875894031fe966bd154afb1b1ee18438591d4d1b4d7db09

SHA512
eb9c774f8a8254909d4d2dbee9341656df8cb4550c28262791a7f583999f595e99f3c12a4c06080650017d81c57b9083b7c599b565b38797503d6e5cfa434e2b

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
56KB

MD5
1bed840f6962e9ba6e97ec889a0e27dd

SHA1
961deb68d2cc2681c44417bdd868caeb19e2cf8e

SHA256
b357d149a92fb71137b2e2ac48cdf76907bb03fc7b8ca50f53bf03cdf17ad923

SHA512
e6c1d8ac4d26a51541fc86d88b4f119cf5f4a8b274719e75161dfba1576a8f55063b8e0b1f9817fb32d4701ba8361819a7af1e561acd5aabd548e6153e23910b

Download Submit
memory/1304-0-0x00000000004F0000-0x00000000004F6000-memory.dmp

Filesize
24KB

Download
memory/1304-1-0x00000000004F0000-0x00000000004F6000-memory.dmp

Filesize
24KB

Download
memory/1304-2-0x0000000001CD0000-0x0000000001CD6000-memory.dmp

Filesize
24KB

Download
memory/2144-16-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2144-15-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download