Overview

overview

7

Static

static

7

2024-06-27...er.exe

windows7-x64

7

2024-06-27...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    27/06/2024, 03:42 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-27_2e459f79f52e4ff3fa7ff903b2793f5a_cryptolocker.exe

  • Size

    36KB

  • MD5

    2e459f79f52e4ff3fa7ff903b2793f5a

  • SHA1

    d462a28bd038ab691daad025338784e2f726a7d8

  • SHA256

    ae91a1c603b3c9b9a9b4587cd605eaaa383b6415ff78fa45141e2ad2081108fb

  • SHA512

    369ae2e85d0645ecda4c942157cf73004823251bcd7c1c5ea0c5839617884553dc22c45b6f717a683fbb9c613df02c37bbcfb46312ad8c973db51d8aa91628e9

  • SSDEEP

    768:q7PdFecFS5agQtOOtEvwDpjeMLZdzuqpXsiE8Wq/DpkITB:qDdFJy3QMOtEvwDpjjWMl7TB

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-27_2e459f79f52e4ff3fa7ff903b2793f5a_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-27_2e459f79f52e4ff3fa7ff903b2793f5a_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2360

Network

  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
No results found
  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    248 B
     4

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    37KB

    MD5

    0ef4141e098e75b1bf567b8864962854

    SHA1

    d69d8b4ddf359876bd038967462d5e59a3d662b3

    SHA256

    d9b53468e8f2175071deba4e487fbcb56cfd16b57a7c5a3f5e8b596c0570d7c7

    SHA512

    a766cdc6155db4f968ae2657cb1f3b4963e838fded9d131818efbfdabf9ef8d5e4604107532a4691110dc9f3021f984f5daefef15ed70cd8ed7c8fe7ee4cd7c3

    Download Submit

  • memory/2360-17-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2360-19-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2360-26-0x00000000001D0000-0x00000000001D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2360-27-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2436-0-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2436-1-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2436-2-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2436-9-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2436-16-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.