c65458b41b9185228b9306641ba0f5e28d8723363576068014fc1c0626fe7269

Analysis

max time kernel
130s
max time network
145s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
02/08/2023, 18:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

434bc93dedb9eee413dcceb88de570b6_cryptolocker_JC.exe
Size

59KB
MD5

434bc93dedb9eee413dcceb88de570b6
SHA1

34e16e937ec9194db9c304cae07467bac86dbe4a
SHA256

c65458b41b9185228b9306641ba0f5e28d8723363576068014fc1c0626fe7269
SHA512

56c1620131d9eca7b8c77504a8e4bd30de2082e73ddc4df9e29cd409193be1e99f1da33f50d9dcc312c8cfa4231149ada3e094b56a39e6ff50f4dd813f883a49
SSDEEP

1536:vj+jsMQMOtEvwDpj5HyCyh7vtRJ4BqKb1cKtYV:vCjsIOtEvwDpj5Hv0z

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2216	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2372	434bc93dedb9eee413dcceb88de570b6_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2216	2372	434bc93dedb9eee413dcceb88de570b6_cryptolocker_JC.exe	28
PID 2372 wrote to memory of 2216	2372	434bc93dedb9eee413dcceb88de570b6_cryptolocker_JC.exe	28
PID 2372 wrote to memory of 2216	2372	434bc93dedb9eee413dcceb88de570b6_cryptolocker_JC.exe	28
PID 2372 wrote to memory of 2216	2372	434bc93dedb9eee413dcceb88de570b6_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\434bc93dedb9eee413dcceb88de570b6_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\434bc93dedb9eee413dcceb88de570b6_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
60KB

MD5
156493337ddd21f829cded630a29f9d5

SHA1
bf85a0cc77f6cb10deafb90d7166f1c23f8318fb

SHA256
01965f72291b0a9d91e8f569d77af8460defb9224a61fef5c94c6912afb62e8b

SHA512
4ae4c15f955acfa5f9debc0dead55ba05517aeae51f481a1aba391a43bade36c8382b014f6ef49d4c8b3401b63e79a036e3803582f45d5077d7c87052819a6db

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
60KB

MD5
156493337ddd21f829cded630a29f9d5

SHA1
bf85a0cc77f6cb10deafb90d7166f1c23f8318fb

SHA256
01965f72291b0a9d91e8f569d77af8460defb9224a61fef5c94c6912afb62e8b

SHA512
4ae4c15f955acfa5f9debc0dead55ba05517aeae51f481a1aba391a43bade36c8382b014f6ef49d4c8b3401b63e79a036e3803582f45d5077d7c87052819a6db

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
60KB

MD5
156493337ddd21f829cded630a29f9d5

SHA1
bf85a0cc77f6cb10deafb90d7166f1c23f8318fb

SHA256
01965f72291b0a9d91e8f569d77af8460defb9224a61fef5c94c6912afb62e8b

SHA512
4ae4c15f955acfa5f9debc0dead55ba05517aeae51f481a1aba391a43bade36c8382b014f6ef49d4c8b3401b63e79a036e3803582f45d5077d7c87052819a6db

Download Submit
memory/2216-69-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2216-70-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2372-54-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download
memory/2372-55-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download
memory/2372-56-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download