16a8e4f8e2ba7fca65215e0fb7c1fd3df9aacae62b9c17b34638197ee21b193b

Analysis

max time kernel
2s
max time network
17s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
01/08/2023, 16:36

Target

30955a964be54811f9b425bc778fc846_cryptolocker_JC.exe
Size

83KB
MD5

30955a964be54811f9b425bc778fc846
SHA1

725eb6bbe59abdf7082295c974aa7800d3774e09
SHA256

16a8e4f8e2ba7fca65215e0fb7c1fd3df9aacae62b9c17b34638197ee21b193b
SHA512

e403dd6e6c56267b34c04ee182fbcfa34ac198e768926a8bbda2628fe18c6694aff1945c7612def87eda86c9c4a522b80ddb68af9ca92eb02716b3b419996a0d
SSDEEP

768:xQz7yVEhs9+4uR1bytOOtEvwDpjWfbZ7uyA36S7MpxRXrZSUfFKaz7ueB9o:xj+VGMOtEvwDpjubwQEI8Utz7do

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\30955a964be54811f9b425bc778fc846_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\30955a964be54811f9b425bc778fc846_cryptolocker_JC.exe"
1⤵
PID:4280
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  PID:1880

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
84KB

MD5
ef785cd2085cd0d1b57449eb74290ef9

SHA1
9c0be59bdc96e3f6991e7b2c20bf09aae1e7c64a

SHA256
1e5ee05abf2e43095dd594357c0d3fe3f4d7ff003cb4912539959ac05b4fa091

SHA512
6b0d60538393df51c4224232764d9e3ec1e9d512a9426dc358bf1d7f617da1292ed7085786e6e654a0a1e8874ae9ed076606c793f68d7fb77c50eb24655bbf94

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
84KB

MD5
ef785cd2085cd0d1b57449eb74290ef9

SHA1
9c0be59bdc96e3f6991e7b2c20bf09aae1e7c64a

SHA256
1e5ee05abf2e43095dd594357c0d3fe3f4d7ff003cb4912539959ac05b4fa091

SHA512
6b0d60538393df51c4224232764d9e3ec1e9d512a9426dc358bf1d7f617da1292ed7085786e6e654a0a1e8874ae9ed076606c793f68d7fb77c50eb24655bbf94

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
84KB

MD5
ef785cd2085cd0d1b57449eb74290ef9

SHA1
9c0be59bdc96e3f6991e7b2c20bf09aae1e7c64a

SHA256
1e5ee05abf2e43095dd594357c0d3fe3f4d7ff003cb4912539959ac05b4fa091

SHA512
6b0d60538393df51c4224232764d9e3ec1e9d512a9426dc358bf1d7f617da1292ed7085786e6e654a0a1e8874ae9ed076606c793f68d7fb77c50eb24655bbf94

Download Submit
memory/4280-133-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/4280-134-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/4280-135-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/4280-136-0x00000000004F0000-0x00000000004F6000-memory.dmp

Filesize
24KB

Download