31ee2fbdff7acbf26ce3992b4a5c9777edf11f3803394a64bb43773ceed7d6e3

Analysis

max time kernel
154s
max time network
163s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
05/08/2023, 19:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

765c3da837e870c378fb1d9732bfb773_cryptolocker_JC.exe
Size

87KB
MD5

765c3da837e870c378fb1d9732bfb773
SHA1

33c65934c37b5149d3eb08f7f0a3f69de919e282
SHA256

31ee2fbdff7acbf26ce3992b4a5c9777edf11f3803394a64bb43773ceed7d6e3
SHA512

8e00c2c415a582606ada891506534bff8550114406e91c62e8e2823156de2e641ae408d2eddd809d95cda90c727d82be356c70ff4dde80d77adbf6149e68128f
SSDEEP

1536:zj+soPSMOtEvwDpj4ktBl01hJl8QAPM8Ho6cRDDG:zCsanOtEvwDpjP

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1356	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2324	765c3da837e870c378fb1d9732bfb773_cryptolocker_JC.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2324-54-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x00080000000120f4-65.dat	upx
behavioral1/memory/2324-69-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1356-72-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x00080000000120f4-68.dat	upx
behavioral1/files/0x00080000000120f4-79.dat	upx
behavioral1/memory/1356-81-0x0000000000500000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 1356	2324	765c3da837e870c378fb1d9732bfb773_cryptolocker_JC.exe	28
PID 2324 wrote to memory of 1356	2324	765c3da837e870c378fb1d9732bfb773_cryptolocker_JC.exe	28
PID 2324 wrote to memory of 1356	2324	765c3da837e870c378fb1d9732bfb773_cryptolocker_JC.exe	28
PID 2324 wrote to memory of 1356	2324	765c3da837e870c378fb1d9732bfb773_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\765c3da837e870c378fb1d9732bfb773_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\765c3da837e870c378fb1d9732bfb773_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:1356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
87KB

MD5
bda508e2483d21fe9405aab73a65dc9b

SHA1
1d18adccd40c5315b8492140cd23ba464190df13

SHA256
7ddc4b5976c6aaa2ffb5fdd76771d7018f3f95e001e5fb98ed3fe436485f0f30

SHA512
2d9d59b65d20d9b2617e6c39aa42f6f6fd60d19cb4e788b2074e999651e98cda0cc1b134adf76d4ec204c90c97ab093cc56b755b47ab28fb52fb5c29d2a0eb92

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
87KB

MD5
bda508e2483d21fe9405aab73a65dc9b

SHA1
1d18adccd40c5315b8492140cd23ba464190df13

SHA256
7ddc4b5976c6aaa2ffb5fdd76771d7018f3f95e001e5fb98ed3fe436485f0f30

SHA512
2d9d59b65d20d9b2617e6c39aa42f6f6fd60d19cb4e788b2074e999651e98cda0cc1b134adf76d4ec204c90c97ab093cc56b755b47ab28fb52fb5c29d2a0eb92

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
87KB

MD5
bda508e2483d21fe9405aab73a65dc9b

SHA1
1d18adccd40c5315b8492140cd23ba464190df13

SHA256
7ddc4b5976c6aaa2ffb5fdd76771d7018f3f95e001e5fb98ed3fe436485f0f30

SHA512
2d9d59b65d20d9b2617e6c39aa42f6f6fd60d19cb4e788b2074e999651e98cda0cc1b134adf76d4ec204c90c97ab093cc56b755b47ab28fb52fb5c29d2a0eb92

Download Submit
memory/1356-72-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1356-81-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1356-73-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/2324-56-0x00000000004B0000-0x00000000004B6000-memory.dmp

Filesize
24KB

Download
memory/2324-69-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2324-70-0x00000000026C0000-0x00000000026D0000-memory.dmp

Filesize
64KB

Download
memory/2324-54-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2324-57-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2324-80-0x00000000026C0000-0x00000000026D0000-memory.dmp

Filesize
64KB

Download
memory/2324-55-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download