e5794eeb1456b3038c960f010566eed3824c1603a3f3a06d32afbf13f2fa825d

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 02:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-07-06_a563fe789238e725e27ba66c5850036b_cryptolocker.exe
Size

392KB
MD5

a563fe789238e725e27ba66c5850036b
SHA1

34bc58fa88b6cfd19ea1de871b988e5d9b7599e1
SHA256

e5794eeb1456b3038c960f010566eed3824c1603a3f3a06d32afbf13f2fa825d
SHA512

3929aaf58379208f11ac890060d2cdaebca9705d9386a1de0e40db7fdaba5ecc68b1b4f7d08a1f3b0101d55a05828247619acc0cd1c307099096937ac68abc7e
SSDEEP

6144:nnOsaQgAOjvrZFODJjBz3j1jTqQy6v2GGnugOtihzXRR:nnOflT/ZFIjBz3xjTxynGUOUhXRR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2252	hasfj.exe

Loads dropped DLL 1 IoCs

pid	Process
2324	2024-07-06_a563fe789238e725e27ba66c5850036b_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2252	2324	2024-07-06_a563fe789238e725e27ba66c5850036b_cryptolocker.exe	28
PID 2324 wrote to memory of 2252	2324	2024-07-06_a563fe789238e725e27ba66c5850036b_cryptolocker.exe	28
PID 2324 wrote to memory of 2252	2324	2024-07-06_a563fe789238e725e27ba66c5850036b_cryptolocker.exe	28
PID 2324 wrote to memory of 2252	2324	2024-07-06_a563fe789238e725e27ba66c5850036b_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-07-06_a563fe789238e725e27ba66c5850036b_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-06_a563fe789238e725e27ba66c5850036b_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  - Executes dropped EXE
  PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
392KB

MD5
14de83cc6b7c2b580f57d1304c1820dc

SHA1
22e64cb2f4980e61b827d870f1d661f83b9c9f22

SHA256
4025b37232323981cde16a047278412f4317d9960b0e3984e4346fe5ae2e46c8

SHA512
752ff548add9552a887d666a355debb6c86e88a4b9cef3d1774382c470d4f45af3fba568f455f485f19c5f806f33cb6340eb9131324992cbed51b46a7c1bceed

Download Submit
memory/2252-15-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/2252-22-0x00000000002A0000-0x00000000002A6000-memory.dmp

Filesize
24KB

Download
memory/2324-0-0x0000000000390000-0x0000000000396000-memory.dmp

Filesize
24KB

Download
memory/2324-1-0x00000000004A0000-0x00000000004A6000-memory.dmp

Filesize
24KB

Download
memory/2324-8-0x0000000000390000-0x0000000000396000-memory.dmp

Filesize
24KB

Download