e1a3ce1005c7ba61984a0e300702d918a9cfb9875d5f0db2ad745556cdf553aa

Analysis

max time kernel
130s
max time network
143s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
05-08-2023 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e7f96755f6559e9eaee98751b9e1e7d_cryptolocker_JC.exe
Size

117KB
MD5

6e7f96755f6559e9eaee98751b9e1e7d
SHA1

62565dae8c8c4e4e1e58bf13a8b39ce6ad86afb9
SHA256

e1a3ce1005c7ba61984a0e300702d918a9cfb9875d5f0db2ad745556cdf553aa
SHA512

62baf3bd9ae435ab6926f7f245c1f960382552a139cef08f7bde29c86ef78e051b6b6b96f859bf4ed5211ad1c202e0e9ec8fcaad202e87be15bc8dfb63598c80
SSDEEP

1536:vj+jsMQMOtEvwDpj5HwYYTjipvF2hBfIuBKLUi:vCjsIOtEvwDpj5H9YvQd2S

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2468	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2580	6e7f96755f6559e9eaee98751b9e1e7d_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 2468	2580	6e7f96755f6559e9eaee98751b9e1e7d_cryptolocker_JC.exe	28
PID 2580 wrote to memory of 2468	2580	6e7f96755f6559e9eaee98751b9e1e7d_cryptolocker_JC.exe	28
PID 2580 wrote to memory of 2468	2580	6e7f96755f6559e9eaee98751b9e1e7d_cryptolocker_JC.exe	28
PID 2580 wrote to memory of 2468	2580	6e7f96755f6559e9eaee98751b9e1e7d_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\6e7f96755f6559e9eaee98751b9e1e7d_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\6e7f96755f6559e9eaee98751b9e1e7d_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
117KB

MD5
c5d068ed6ae6610168682ce61e575ece

SHA1
850a4251c02feabab8a557506a003633e0397292

SHA256
c8e184e5227a7f3b9917c958e39dbe30eaaadf51180d413015ab0689fa576721

SHA512
16a502ba3fd46d464c80799942663acce4914279676df05e62d815021814df27720c2553e25ce3cf9c1141918ff70b05ea859c2b4ec7aefc0bf117280874735c

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
117KB

MD5
c5d068ed6ae6610168682ce61e575ece

SHA1
850a4251c02feabab8a557506a003633e0397292

SHA256
c8e184e5227a7f3b9917c958e39dbe30eaaadf51180d413015ab0689fa576721

SHA512
16a502ba3fd46d464c80799942663acce4914279676df05e62d815021814df27720c2553e25ce3cf9c1141918ff70b05ea859c2b4ec7aefc0bf117280874735c

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
117KB

MD5
c5d068ed6ae6610168682ce61e575ece

SHA1
850a4251c02feabab8a557506a003633e0397292

SHA256
c8e184e5227a7f3b9917c958e39dbe30eaaadf51180d413015ab0689fa576721

SHA512
16a502ba3fd46d464c80799942663acce4914279676df05e62d815021814df27720c2553e25ce3cf9c1141918ff70b05ea859c2b4ec7aefc0bf117280874735c

Download Submit
memory/2468-69-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download
memory/2468-70-0x0000000000440000-0x0000000000446000-memory.dmp

Filesize
24KB

Download
memory/2580-54-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2580-55-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/2580-58-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download