16f7f348a8b942382c0ba73b1977502e9e8ef5a3b0d291d1edc278fe69a039f0

Analysis

max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
03/08/2023, 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49b1d28df6808f1c6f5919209a39d373_cryptolocker_JC.exe
Size

63KB
MD5

49b1d28df6808f1c6f5919209a39d373
SHA1

79d71a3be6c066b3a6bda3890726df9b93b46cd2
SHA256

16f7f348a8b942382c0ba73b1977502e9e8ef5a3b0d291d1edc278fe69a039f0
SHA512

320a26a52aa9a9a919a4b610e6be338d574b8c87ad8331139bbf256591fa7a3e1f3cadf5651f9957b97dfa2855413e77bd75abac351014a7253a1037b9dfffb4
SSDEEP

1536:ZzFbxmLPWQMOtEvwDpj386Sj/WprgJN6tZdOyJ36n9F+UN:ZVxkGOtEvwDpjcaAPN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2232	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2676	49b1d28df6808f1c6f5919209a39d373_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2232	2676	49b1d28df6808f1c6f5919209a39d373_cryptolocker_JC.exe	28
PID 2676 wrote to memory of 2232	2676	49b1d28df6808f1c6f5919209a39d373_cryptolocker_JC.exe	28
PID 2676 wrote to memory of 2232	2676	49b1d28df6808f1c6f5919209a39d373_cryptolocker_JC.exe	28
PID 2676 wrote to memory of 2232	2676	49b1d28df6808f1c6f5919209a39d373_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\49b1d28df6808f1c6f5919209a39d373_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\49b1d28df6808f1c6f5919209a39d373_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
63KB

MD5
a0807bb660754557e79b162b1e8ea524

SHA1
5a000383bb2605b71ee770206110125d61937f4b

SHA256
2f1ce532f2c0c6f3948170d3a3c7abad8b31613477728880c7f215086b67534c

SHA512
8f556d1b8ef472890d0cd3834d506db16d00cb6fea83aad9e9b225522b790c53ca07438f90a970eb43d57c507afe227917df9a7839e08da670b1a113548d369b

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
63KB

MD5
a0807bb660754557e79b162b1e8ea524

SHA1
5a000383bb2605b71ee770206110125d61937f4b

SHA256
2f1ce532f2c0c6f3948170d3a3c7abad8b31613477728880c7f215086b67534c

SHA512
8f556d1b8ef472890d0cd3834d506db16d00cb6fea83aad9e9b225522b790c53ca07438f90a970eb43d57c507afe227917df9a7839e08da670b1a113548d369b

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
63KB

MD5
a0807bb660754557e79b162b1e8ea524

SHA1
5a000383bb2605b71ee770206110125d61937f4b

SHA256
2f1ce532f2c0c6f3948170d3a3c7abad8b31613477728880c7f215086b67534c

SHA512
8f556d1b8ef472890d0cd3834d506db16d00cb6fea83aad9e9b225522b790c53ca07438f90a970eb43d57c507afe227917df9a7839e08da670b1a113548d369b

Download Submit
memory/2232-67-0x0000000000230000-0x0000000000233000-memory.dmp

Filesize
12KB

Download
memory/2232-69-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download
memory/2232-70-0x0000000000420000-0x0000000000426000-memory.dmp

Filesize
24KB

Download
memory/2232-77-0x0000000000230000-0x0000000000233000-memory.dmp

Filesize
12KB

Download
memory/2676-53-0x00000000004E0000-0x00000000004E6000-memory.dmp

Filesize
24KB

Download
memory/2676-54-0x0000000000600000-0x0000000000606000-memory.dmp

Filesize
24KB

Download
memory/2676-56-0x00000000004E0000-0x00000000004E6000-memory.dmp

Filesize
24KB

Download