10d2aa60d3d29407a38f54168ac77d0983ea295ff4a4a7fab97075af94e64d86

Analysis

max time kernel
130s
max time network
143s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
03/08/2023, 18:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

53e39e93c9282ce3882376500e05d614_cryptolocker_JC.exe
Size

44KB
MD5

53e39e93c9282ce3882376500e05d614
SHA1

262fcc6c7f61a4c9d84728d8eaf99a69640adf38
SHA256

10d2aa60d3d29407a38f54168ac77d0983ea295ff4a4a7fab97075af94e64d86
SHA512

814125cc4e410fd369bfa88cbb0f678b9a1c978d049f85577866b1da9a9f041ffec9e2a3f89e0dba269ae920eb786db8b46129c9b7d5fb7a9d8ddd187c78f8cd
SSDEEP

768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjZ1UKXJ0T5baryRoP:ZzFbxmLPWQMOtEvwDpjbtJ0Z4yKP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2380	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1636	53e39e93c9282ce3882376500e05d614_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2380	1636	53e39e93c9282ce3882376500e05d614_cryptolocker_JC.exe	28
PID 1636 wrote to memory of 2380	1636	53e39e93c9282ce3882376500e05d614_cryptolocker_JC.exe	28
PID 1636 wrote to memory of 2380	1636	53e39e93c9282ce3882376500e05d614_cryptolocker_JC.exe	28
PID 1636 wrote to memory of 2380	1636	53e39e93c9282ce3882376500e05d614_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\53e39e93c9282ce3882376500e05d614_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\53e39e93c9282ce3882376500e05d614_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
44KB

MD5
8b64d20e7ef2a6df79d68aa10308b0a5

SHA1
e82dced84ff5f92f426d2425c861e87269c461a1

SHA256
aed4fe9a510549e7598940a9b1c6fbe059a0e3a826a6a121226f723d50b1797e

SHA512
47ed43927c962bad5f20e8687c9cb1ae790b42f49e4358a73eaefda818e7f3818edf8d62ebc6148a268d7612bc8830153ddf125ca890a232b2628ce08474e1e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
44KB

MD5
8b64d20e7ef2a6df79d68aa10308b0a5

SHA1
e82dced84ff5f92f426d2425c861e87269c461a1

SHA256
aed4fe9a510549e7598940a9b1c6fbe059a0e3a826a6a121226f723d50b1797e

SHA512
47ed43927c962bad5f20e8687c9cb1ae790b42f49e4358a73eaefda818e7f3818edf8d62ebc6148a268d7612bc8830153ddf125ca890a232b2628ce08474e1e0

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
44KB

MD5
8b64d20e7ef2a6df79d68aa10308b0a5

SHA1
e82dced84ff5f92f426d2425c861e87269c461a1

SHA256
aed4fe9a510549e7598940a9b1c6fbe059a0e3a826a6a121226f723d50b1797e

SHA512
47ed43927c962bad5f20e8687c9cb1ae790b42f49e4358a73eaefda818e7f3818edf8d62ebc6148a268d7612bc8830153ddf125ca890a232b2628ce08474e1e0

Download Submit
memory/1636-54-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/1636-56-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/1636-55-0x00000000002F0000-0x00000000002F6000-memory.dmp

Filesize
24KB

Download
memory/2380-68-0x0000000000230000-0x0000000000233000-memory.dmp

Filesize
12KB

Download
memory/2380-71-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/2380-70-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2380-78-0x0000000000230000-0x0000000000233000-memory.dmp

Filesize
12KB

Download