f5e210621f0acbe26bd2f351223ad17c658d636b1c219c25bbf13767880fe848

Analysis

max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
04/08/2023, 17:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

65c5d89084e8674e978d436c92defbd6_cryptolocker_JC.exe
Size

101KB
MD5

65c5d89084e8674e978d436c92defbd6
SHA1

989a8834666fcf686adf0a4018c5a304c8d2e4e3
SHA256

f5e210621f0acbe26bd2f351223ad17c658d636b1c219c25bbf13767880fe848
SHA512

49be2fe0d5552f9ee824fd2e8975812d3dad4e386e9ff9477ee44c6c399c0050a9d71df7339767b7d16ac33071b463eabe357058cb018d91b19edd183cbbc1ee
SSDEEP

768:xQz7yVEhs9+4uR1bytOOtEvwDpjWfbZ7uyA36S7MpxRiWCCy9TaoRK3Q:xj+VGMOtEvwDpjubwQEIiePoRp

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1724	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1784	65c5d89084e8674e978d436c92defbd6_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 1724	1784	65c5d89084e8674e978d436c92defbd6_cryptolocker_JC.exe	28
PID 1784 wrote to memory of 1724	1784	65c5d89084e8674e978d436c92defbd6_cryptolocker_JC.exe	28
PID 1784 wrote to memory of 1724	1784	65c5d89084e8674e978d436c92defbd6_cryptolocker_JC.exe	28
PID 1784 wrote to memory of 1724	1784	65c5d89084e8674e978d436c92defbd6_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\65c5d89084e8674e978d436c92defbd6_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\65c5d89084e8674e978d436c92defbd6_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
101KB

MD5
e45fef85bd8bdcadd0b48eefee9272a0

SHA1
481395940fa93a6427d520eedace6e03f4e2859d

SHA256
f02211c9549f3aa6a4e50de4598463e9b4b5696d51e4a1e7ff5975942b920a72

SHA512
56e0fc480670e3a3240307a6bd8455fc836023780bee4c4c85fba87a6e40b3b7b56d5241a41b3c0ac2fc094b3948894cc6d39e61a729d867c4a931cc9f28d37d

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
101KB

MD5
e45fef85bd8bdcadd0b48eefee9272a0

SHA1
481395940fa93a6427d520eedace6e03f4e2859d

SHA256
f02211c9549f3aa6a4e50de4598463e9b4b5696d51e4a1e7ff5975942b920a72

SHA512
56e0fc480670e3a3240307a6bd8455fc836023780bee4c4c85fba87a6e40b3b7b56d5241a41b3c0ac2fc094b3948894cc6d39e61a729d867c4a931cc9f28d37d

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
101KB

MD5
e45fef85bd8bdcadd0b48eefee9272a0

SHA1
481395940fa93a6427d520eedace6e03f4e2859d

SHA256
f02211c9549f3aa6a4e50de4598463e9b4b5696d51e4a1e7ff5975942b920a72

SHA512
56e0fc480670e3a3240307a6bd8455fc836023780bee4c4c85fba87a6e40b3b7b56d5241a41b3c0ac2fc094b3948894cc6d39e61a729d867c4a931cc9f28d37d

Download Submit
memory/1724-70-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1724-79-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1784-54-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1784-55-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download
memory/1784-56-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download
memory/1784-57-0x00000000003E0000-0x00000000003E6000-memory.dmp

Filesize
24KB

Download
memory/1784-69-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download