dd89c21cd77a57e0d4a34246b01c140ee1bef38d862c6e3abcdca8049bfb3bf3

Analysis

max time kernel
133s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 12:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20240531e8878deb1cc685f51f348226878a53bdcryptolocker.exe
Size

87KB
MD5

e8878deb1cc685f51f348226878a53bd
SHA1

453a30b64bc9742a0eb9aafefea997be29a7bc3c
SHA256

dd89c21cd77a57e0d4a34246b01c140ee1bef38d862c6e3abcdca8049bfb3bf3
SHA512

9b6dfd286419aa486308edebe6badec31b8f403e72bdff4b030b01b6209d1ca961deacf809c128f2f929b9f19e56e2545f63955f4f6b62b25daa628f13a2a644
SSDEEP

1536:V6QFElP6n+gMQMOtEvwDpjyaLccVNl6ad:V6a+pOtEvwDpjvp5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2364	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2220	20240531e8878deb1cc685f51f348226878a53bdcryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2364	2220	20240531e8878deb1cc685f51f348226878a53bdcryptolocker.exe	30
PID 2220 wrote to memory of 2364	2220	20240531e8878deb1cc685f51f348226878a53bdcryptolocker.exe	30
PID 2220 wrote to memory of 2364	2220	20240531e8878deb1cc685f51f348226878a53bdcryptolocker.exe	30
PID 2220 wrote to memory of 2364	2220	20240531e8878deb1cc685f51f348226878a53bdcryptolocker.exe	30

C:\Users\Admin\AppData\Local\Temp\20240531e8878deb1cc685f51f348226878a53bdcryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\20240531e8878deb1cc685f51f348226878a53bdcryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
87KB

MD5
22e8da495547f5af3733bca57c191d03

SHA1
c1d8ace37ad1e6a9326e96a0543dc660e1a27baa

SHA256
048bed5a2bf0c263d4ac371041565757a1a49c6142194b7486a5aaf2f0b4580a

SHA512
a81e00d08f44590494609c678628ca8bbdbcf40a5ff7af402d3b57af8ca30625aa0af6236d533f3fae5d545e4291367ab587a2e7bf6d75d14747a8c3716b1776

Download Submit
memory/2220-0-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2220-8-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2220-1-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2364-22-0x00000000004A0000-0x00000000004A6000-memory.dmp

Filesize
24KB

Download
memory/2364-15-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download