d2a14dbfd488e10ea32a92ab689dbb1b7ef461e7625dd65ed3b7c73326b1189c

Analysis

max time kernel
131s
max time network
144s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
01-08-2023 17:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

357eeb9968b53eb7221bccc8d877d232_cryptolocker_JC.exe
Size

80KB
MD5

357eeb9968b53eb7221bccc8d877d232
SHA1

e9b34a0f83f0cdfe742a1de7359a9858fd25d7ae
SHA256

d2a14dbfd488e10ea32a92ab689dbb1b7ef461e7625dd65ed3b7c73326b1189c
SHA512

a93aaa560c6303b7ece585e58e20267a8a56bb0805d43a246700221cc8cc81b896ba24914f7573597d3893c5f68ecc5d8aafcf3e74ae807e0d12ffaa1678242d
SSDEEP

768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjIm8z2iaSIO/RvDQeduJHqqnzvNG1I:ZzFbxmLPWQMOtEvwDpj386Sj/RsxQz8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2944	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2592	357eeb9968b53eb7221bccc8d877d232_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 2944	2592	357eeb9968b53eb7221bccc8d877d232_cryptolocker_JC.exe	28
PID 2592 wrote to memory of 2944	2592	357eeb9968b53eb7221bccc8d877d232_cryptolocker_JC.exe	28
PID 2592 wrote to memory of 2944	2592	357eeb9968b53eb7221bccc8d877d232_cryptolocker_JC.exe	28
PID 2592 wrote to memory of 2944	2592	357eeb9968b53eb7221bccc8d877d232_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\357eeb9968b53eb7221bccc8d877d232_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\357eeb9968b53eb7221bccc8d877d232_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
80KB

MD5
48663d08ffd7546b3c86bc2dc63e0edb

SHA1
5c1b77745ec8395ece3b89e547ce1ba5566bd6cb

SHA256
ea58b55053d90e504bbb7aea4a62b205deee3917a97d3a64e26b4b65a1ab0c99

SHA512
05dd9336cc01debac3de62c62068908e3ad6e23a738d6c306eeff28aa9d4b88f045e8f76780a0dda9145ad2e5cf535b26427cbcbd1690222a21d7e6df62159b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
80KB

MD5
48663d08ffd7546b3c86bc2dc63e0edb

SHA1
5c1b77745ec8395ece3b89e547ce1ba5566bd6cb

SHA256
ea58b55053d90e504bbb7aea4a62b205deee3917a97d3a64e26b4b65a1ab0c99

SHA512
05dd9336cc01debac3de62c62068908e3ad6e23a738d6c306eeff28aa9d4b88f045e8f76780a0dda9145ad2e5cf535b26427cbcbd1690222a21d7e6df62159b3

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
80KB

MD5
48663d08ffd7546b3c86bc2dc63e0edb

SHA1
5c1b77745ec8395ece3b89e547ce1ba5566bd6cb

SHA256
ea58b55053d90e504bbb7aea4a62b205deee3917a97d3a64e26b4b65a1ab0c99

SHA512
05dd9336cc01debac3de62c62068908e3ad6e23a738d6c306eeff28aa9d4b88f045e8f76780a0dda9145ad2e5cf535b26427cbcbd1690222a21d7e6df62159b3

Download Submit
memory/2592-53-0x00000000001C0000-0x00000000001C3000-memory.dmp

Filesize
12KB

Download
memory/2592-54-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2592-56-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/2592-55-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2944-68-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2944-71-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2944-70-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download