e1887f3717fe3088e78b57f1bee69c9d4eeb9d3190437d8e10bbc1d1c42e610c

Analysis

max time kernel
131s
max time network
142s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
04/08/2023, 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

57ff2db9e34446b11f584e84369f5b60_cryptolocker_JC.exe
Size

74KB
MD5

57ff2db9e34446b11f584e84369f5b60
SHA1

418189bf9d2b58fa194b51c1598c0e9bcb932275
SHA256

e1887f3717fe3088e78b57f1bee69c9d4eeb9d3190437d8e10bbc1d1c42e610c
SHA512

3fb171d71bff309015d1b9f3ba14e03a950023cfff25956171234baf72af8fab365e2b483f10429513d60a009f095beed48b7688a5e8b55f6c0230cfa2e84b21
SSDEEP

1536:ZzFbxmLPWQMOtEvwDpj386Sj/WprgJNpsAnJYqdIRAc3:ZVxkGOtEvwDpjcNY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1740	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2488	57ff2db9e34446b11f584e84369f5b60_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 1740	2488	57ff2db9e34446b11f584e84369f5b60_cryptolocker_JC.exe	28
PID 2488 wrote to memory of 1740	2488	57ff2db9e34446b11f584e84369f5b60_cryptolocker_JC.exe	28
PID 2488 wrote to memory of 1740	2488	57ff2db9e34446b11f584e84369f5b60_cryptolocker_JC.exe	28
PID 2488 wrote to memory of 1740	2488	57ff2db9e34446b11f584e84369f5b60_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\57ff2db9e34446b11f584e84369f5b60_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\57ff2db9e34446b11f584e84369f5b60_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:1740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
74KB

MD5
f03bd318da8adc6b14f4a335fd7fa142

SHA1
3205b64076eb6e463b80a452eadebf1f57452358

SHA256
b3de65dbfcce38c12d792e7a28c2cb03d130c80f8d26e22237ac30ac94d44df0

SHA512
f9fee1c5a2dec189c8eea9514cee1dcf7c0b4213b94dc43240510206a3075251b7589246f7205da87b1191f56b08b8dfba4ad145308ad8ffeb3440187c1a6c3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
74KB

MD5
f03bd318da8adc6b14f4a335fd7fa142

SHA1
3205b64076eb6e463b80a452eadebf1f57452358

SHA256
b3de65dbfcce38c12d792e7a28c2cb03d130c80f8d26e22237ac30ac94d44df0

SHA512
f9fee1c5a2dec189c8eea9514cee1dcf7c0b4213b94dc43240510206a3075251b7589246f7205da87b1191f56b08b8dfba4ad145308ad8ffeb3440187c1a6c3d

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
74KB

MD5
f03bd318da8adc6b14f4a335fd7fa142

SHA1
3205b64076eb6e463b80a452eadebf1f57452358

SHA256
b3de65dbfcce38c12d792e7a28c2cb03d130c80f8d26e22237ac30ac94d44df0

SHA512
f9fee1c5a2dec189c8eea9514cee1dcf7c0b4213b94dc43240510206a3075251b7589246f7205da87b1191f56b08b8dfba4ad145308ad8ffeb3440187c1a6c3d

Download Submit
memory/1740-68-0x00000000001C0000-0x00000000001C3000-memory.dmp

Filesize
12KB

Download
memory/1740-70-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/1740-71-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/1740-78-0x00000000001C0000-0x00000000001C3000-memory.dmp

Filesize
12KB

Download
memory/2488-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2488-55-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/2488-58-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download