2407f65c0cd6c1ce6624d538cef1f572bc9749dce84250cc0cd3a4e9b392b561

Analysis

max time kernel
149s
max time network
155s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 03:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-20_77e18ff1bbd1f0c2d3324a63b96948ed_cryptolocker.exe
Size

48KB
MD5

77e18ff1bbd1f0c2d3324a63b96948ed
SHA1

94cb70d486a9f646cf956076d9ea6a313311a377
SHA256

2407f65c0cd6c1ce6624d538cef1f572bc9749dce84250cc0cd3a4e9b392b561
SHA512

5c05fa7f8b0f803578112e8b3fe3a751cece75bb825d0719c9f75d7b10b2ebc69a885146f7a9907a1c1b183b6713774ca1c80ed399faa2a91fa879f4103398b6
SSDEEP

768:79inqyNR/QtOOtEvwDpjBKccJVODvy3SpU3r:79mqyNhQMOtEvwDpjBzckqS2r

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3056	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2980	2024-06-20_77e18ff1bbd1f0c2d3324a63b96948ed_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 3056	2980	2024-06-20_77e18ff1bbd1f0c2d3324a63b96948ed_cryptolocker.exe	28
PID 2980 wrote to memory of 3056	2980	2024-06-20_77e18ff1bbd1f0c2d3324a63b96948ed_cryptolocker.exe	28
PID 2980 wrote to memory of 3056	2980	2024-06-20_77e18ff1bbd1f0c2d3324a63b96948ed_cryptolocker.exe	28
PID 2980 wrote to memory of 3056	2980	2024-06-20_77e18ff1bbd1f0c2d3324a63b96948ed_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-06-20_77e18ff1bbd1f0c2d3324a63b96948ed_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-20_77e18ff1bbd1f0c2d3324a63b96948ed_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
48KB

MD5
685da9d552f5417dcfc6067a27729d88

SHA1
78826bd13dd941fdb3ce2fe568feda1c6b5bcca8

SHA256
815f648084bd4be6a9d99743b48b91a64bb4d55da2d96781c1f83b07211384dd

SHA512
c7a8ee9752db6804c0969e6fbf1847dcbac9cde72e22bd21632271c7df6400c5dd476fa6847bf2f2b0e9b661c8c3f1da86be41a4a1f52bde1370bd5dc8d7e0f4

Download Submit
memory/2980-0-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2980-1-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2980-9-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2980-2-0x0000000000340000-0x0000000000346000-memory.dmp

Filesize
24KB

Download
memory/2980-13-0x0000000002800000-0x000000000280F000-memory.dmp

Filesize
60KB

Download
memory/2980-16-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/3056-19-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download