b4e810e2b27dad60c2ae598b72be15d9fb70fc8e22421c3852bb908c0ca59867

Analysis

max time kernel
131s
max time network
144s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
03/08/2023, 15:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4991e1ce4907bae4ac31175f0a7499a4_cryptolocker_JC.exe
Size

53KB
MD5

4991e1ce4907bae4ac31175f0a7499a4
SHA1

457ff7a158976f6dcf5c416f4c01ca7549670c49
SHA256

b4e810e2b27dad60c2ae598b72be15d9fb70fc8e22421c3852bb908c0ca59867
SHA512

239b465d79ad4bbccbb8b27238de8ee9b12cd74351c7d984f08802c79dd7273f1123b161d41920daf8f752eaae0fb24d7784242cfa91306c14c5e601e21c9594
SSDEEP

768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjIm8lB4dCOBy/cMFqeoYqHx:ZzFbxmLPWQMOtEvwDpj38lD/cMA3Hx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2660	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1152	4991e1ce4907bae4ac31175f0a7499a4_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 2660	1152	4991e1ce4907bae4ac31175f0a7499a4_cryptolocker_JC.exe	28
PID 1152 wrote to memory of 2660	1152	4991e1ce4907bae4ac31175f0a7499a4_cryptolocker_JC.exe	28
PID 1152 wrote to memory of 2660	1152	4991e1ce4907bae4ac31175f0a7499a4_cryptolocker_JC.exe	28
PID 1152 wrote to memory of 2660	1152	4991e1ce4907bae4ac31175f0a7499a4_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\4991e1ce4907bae4ac31175f0a7499a4_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\4991e1ce4907bae4ac31175f0a7499a4_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
53KB

MD5
7ec4d80762eb5b19962c13b859f8ca52

SHA1
f3934d8601540835f89668730c8385002ea4a2ea

SHA256
95b7019e9beaf796150bc57d91d4fc77e785acf07833cc6f3b871cc9aa2292db

SHA512
70db5972e73e6509725d004e707825165f5d2c18dfb3760815c090757bce12cc3252bf5b8a349e82e2259d054ea65a92eeef07a72d673a781e17769b35f72d53

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
53KB

MD5
7ec4d80762eb5b19962c13b859f8ca52

SHA1
f3934d8601540835f89668730c8385002ea4a2ea

SHA256
95b7019e9beaf796150bc57d91d4fc77e785acf07833cc6f3b871cc9aa2292db

SHA512
70db5972e73e6509725d004e707825165f5d2c18dfb3760815c090757bce12cc3252bf5b8a349e82e2259d054ea65a92eeef07a72d673a781e17769b35f72d53

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
53KB

MD5
7ec4d80762eb5b19962c13b859f8ca52

SHA1
f3934d8601540835f89668730c8385002ea4a2ea

SHA256
95b7019e9beaf796150bc57d91d4fc77e785acf07833cc6f3b871cc9aa2292db

SHA512
70db5972e73e6509725d004e707825165f5d2c18dfb3760815c090757bce12cc3252bf5b8a349e82e2259d054ea65a92eeef07a72d673a781e17769b35f72d53

Download Submit
memory/1152-54-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/1152-55-0x00000000002F0000-0x00000000002F6000-memory.dmp

Filesize
24KB

Download
memory/1152-56-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/2660-68-0x0000000000230000-0x0000000000233000-memory.dmp

Filesize
12KB

Download
memory/2660-70-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2660-71-0x00000000005F0000-0x00000000005F6000-memory.dmp

Filesize
24KB

Download
memory/2660-78-0x0000000000230000-0x0000000000233000-memory.dmp

Filesize
12KB

Download