808b0ede6a508c9d9fd354022ca1f5153a8d9cee5d80cb94b7ff8558286995e2

Analysis

max time kernel
144s
max time network
148s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/06/2024, 15:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-06-30_2d27144fc6241db562b406473940597f_cryptolocker.exe
Size

34KB
MD5

2d27144fc6241db562b406473940597f
SHA1

b77f2a3e58cdcccad0189af60a8be49d1048d727
SHA256

808b0ede6a508c9d9fd354022ca1f5153a8d9cee5d80cb94b7ff8558286995e2
SHA512

b2d23b634bcae7e3fbc333fc18b1e78056f8c3d2d12c10502a5231f41ec4858946733a8e0da4e931234b9faf925127ec1b1ae804bf387dfaba6b7e90bcb8b42e
SSDEEP

384:bG74uGLLQRcsdeQ72ngEr4K7YmE8j60nrlwfjDUGTGXuat:bG74zYcgT/Ekd0ryfjo

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2944	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
2232	2024-06-30_2d27144fc6241db562b406473940597f_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2944	2232	2024-06-30_2d27144fc6241db562b406473940597f_cryptolocker.exe	28
PID 2232 wrote to memory of 2944	2232	2024-06-30_2d27144fc6241db562b406473940597f_cryptolocker.exe	28
PID 2232 wrote to memory of 2944	2232	2024-06-30_2d27144fc6241db562b406473940597f_cryptolocker.exe	28
PID 2232 wrote to memory of 2944	2232	2024-06-30_2d27144fc6241db562b406473940597f_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-06-30_2d27144fc6241db562b406473940597f_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-30_2d27144fc6241db562b406473940597f_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
34KB

MD5
b0d2374696d9bb560df8eabbb9e528e2

SHA1
4e44b2f84451f856461241e630ffd59ffab75c90

SHA256
78e969b351cf1494c13ae88af021af663ee4a09a5f89ef696e21945a3199cc30

SHA512
c1d6efa0a9c40a1bddc4b446901c44c2af3fc251834fe99c1d2a4dba7c04c6a51b2d3bed3a81c67b033cb3c876b2c425c656650143ba87fcdce28328132ff648

Download Submit
memory/2232-0-0x0000000008000000-0x000000000800A000-memory.dmp

Filesize
40KB

Download
memory/2232-9-0x0000000000310000-0x0000000000316000-memory.dmp

Filesize
24KB

Download
memory/2232-2-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/2232-1-0x0000000000310000-0x0000000000316000-memory.dmp

Filesize
24KB

Download
memory/2232-15-0x0000000008000000-0x000000000800A000-memory.dmp

Filesize
40KB

Download
memory/2944-16-0x0000000008000000-0x000000000800A000-memory.dmp

Filesize
40KB

Download
memory/2944-18-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download
memory/2944-25-0x0000000008000000-0x000000000800A000-memory.dmp

Filesize
40KB

Download