903a5151a2c2c6842b67f5263102b9857925c1c6ea161d74f985047725b2d970

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
15-04-2024 15:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

202404141c420ff1327558f01d62d3500f9b5473cryptolocker.exe
Size

40KB
MD5

1c420ff1327558f01d62d3500f9b5473
SHA1

26e7dad947e535657cc9e05fa4790ff0f4821d84
SHA256

903a5151a2c2c6842b67f5263102b9857925c1c6ea161d74f985047725b2d970
SHA512

83a10372a4dff88b8305d37c8bd5dbbd5b2975c5083cf8f7a9fee7b152a9b6b53e5d8d985e12bad117f7ea72bfd86fa2f118bf3f2597759b0454940607226c5f
SSDEEP

768:wHGGaSawqnwjRQ6ESlmFOsPoOdQtOOtEvwDpjm6WaJIOc+UPPEkL7vF4:YGzl5wjRQBBOsP1QMOtEvwDpjgarrkLi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1164	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
1304	202404141c420ff1327558f01d62d3500f9b5473cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 1164	1304	202404141c420ff1327558f01d62d3500f9b5473cryptolocker.exe	28
PID 1304 wrote to memory of 1164	1304	202404141c420ff1327558f01d62d3500f9b5473cryptolocker.exe	28
PID 1304 wrote to memory of 1164	1304	202404141c420ff1327558f01d62d3500f9b5473cryptolocker.exe	28
PID 1304 wrote to memory of 1164	1304	202404141c420ff1327558f01d62d3500f9b5473cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\202404141c420ff1327558f01d62d3500f9b5473cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\202404141c420ff1327558f01d62d3500f9b5473cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:1164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
40KB

MD5
08d41a601c9e39ea427cbb8e694b322e

SHA1
bf3bc9482ea814db5eebab630e9a45cb496ef643

SHA256
6b693f84997aa440a8b36ffb64efebf73aa878ae156dc3eeba24a6e5eade6592

SHA512
518a349e521035103d6678923a0af3a1022a0dc7079bd3fbb695e11ca8e6db8f8203293f9ebdc82dd43f9c14766ec8a9c611f6d94173bcf902a8e4b13bc4a43f

Download Submit
memory/1164-17-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/1164-19-0x0000000000460000-0x0000000000466000-memory.dmp

Filesize
24KB

Download
memory/1164-21-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/1304-0-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/1304-1-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1304-2-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/1304-9-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1304-15-0x0000000000500000-0x000000000050B000-memory.dmp

Filesize
44KB

Download
memory/1304-13-0x0000000002780000-0x000000000278B000-memory.dmp

Filesize
44KB

Download