b1f21c739b50cccb5cebecb6c14697d9892702bfaa03b62a7e079739869c4d04

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
04/08/2023, 17:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6228b370b41562eb1569154fdd0c6af5_cryptolocker_JC.exe
Size

101KB
MD5

6228b370b41562eb1569154fdd0c6af5
SHA1

a30c47af3683f9e20a1ad21d97a5ca220ce7f50a
SHA256

b1f21c739b50cccb5cebecb6c14697d9892702bfaa03b62a7e079739869c4d04
SHA512

181f69bccd8965d5a9269e3a487772ae85930d74b41f80fe3989e6614ca31614f06ebb818e440e93f83366df0561c6924f0e04ececc34958edb995533f5ad7b2
SSDEEP

768:xQz7yVEhs9+4uR1bytOOtEvwDpjWfbZ7uyA36S7MpxRiWCCy9TaoRK3bxJ:xj+VGMOtEvwDpjubwQEIiePoR8J

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2692	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2132	6228b370b41562eb1569154fdd0c6af5_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2692	2132	6228b370b41562eb1569154fdd0c6af5_cryptolocker_JC.exe	28
PID 2132 wrote to memory of 2692	2132	6228b370b41562eb1569154fdd0c6af5_cryptolocker_JC.exe	28
PID 2132 wrote to memory of 2692	2132	6228b370b41562eb1569154fdd0c6af5_cryptolocker_JC.exe	28
PID 2132 wrote to memory of 2692	2132	6228b370b41562eb1569154fdd0c6af5_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\6228b370b41562eb1569154fdd0c6af5_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\6228b370b41562eb1569154fdd0c6af5_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
101KB

MD5
f7d6b0f0d3a20872e51b13aaa905ff98

SHA1
c8f6ac1b3e3a589e5181d592e4c2ff8ec338d897

SHA256
1e1403bfe9866ffd5169dcd64561a9c9005f18f73a23f5c2c9ac9cdc5daed57c

SHA512
2394deba321477d359947c117f006c3077d540640a459dccd2092f461f3901af741360449c7f3e7494ae7f65d4f4c16c4b84a5a2124d30b8701bbc9540beb2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
101KB

MD5
f7d6b0f0d3a20872e51b13aaa905ff98

SHA1
c8f6ac1b3e3a589e5181d592e4c2ff8ec338d897

SHA256
1e1403bfe9866ffd5169dcd64561a9c9005f18f73a23f5c2c9ac9cdc5daed57c

SHA512
2394deba321477d359947c117f006c3077d540640a459dccd2092f461f3901af741360449c7f3e7494ae7f65d4f4c16c4b84a5a2124d30b8701bbc9540beb2c5

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
101KB

MD5
f7d6b0f0d3a20872e51b13aaa905ff98

SHA1
c8f6ac1b3e3a589e5181d592e4c2ff8ec338d897

SHA256
1e1403bfe9866ffd5169dcd64561a9c9005f18f73a23f5c2c9ac9cdc5daed57c

SHA512
2394deba321477d359947c117f006c3077d540640a459dccd2092f461f3901af741360449c7f3e7494ae7f65d4f4c16c4b84a5a2124d30b8701bbc9540beb2c5

Download Submit
memory/2132-69-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2132-57-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2132-56-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/2132-54-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2132-68-0x0000000001F60000-0x0000000001F70000-memory.dmp

Filesize
64KB

Download
memory/2132-55-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2692-71-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2692-73-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2692-74-0x00000000002D0000-0x00000000002D6000-memory.dmp

Filesize
24KB

Download
memory/2692-81-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download