bf029b077de3629f7052b6ddabda8b1fed7b85d85580578a183dbb7df01fd241

Analysis

max time kernel
132s
max time network
145s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
05/08/2023, 20:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7c08a02fa223c08d8fabaac8a406041b_cryptolocker_JC.exe
Size

75KB
MD5

7c08a02fa223c08d8fabaac8a406041b
SHA1

4938f877a340d0d69781f359ad48d6a68e9b7d23
SHA256

bf029b077de3629f7052b6ddabda8b1fed7b85d85580578a183dbb7df01fd241
SHA512

10fd0a743953ee35ad4d94a85614c1c4e08db7dde1e688bb4dcd39c226715b11ac73acf84a4f5089ed1282fac2e825e0719131397261cd37e72a1d3e7ea309ee
SSDEEP

1536:vj+jsMQMOtEvwDpj5HwYYTjipvF2hBfy/tK0t:vCjsIOtEvwDpj5H9YvQd2El

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2680	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2296	7c08a02fa223c08d8fabaac8a406041b_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2680	2296	7c08a02fa223c08d8fabaac8a406041b_cryptolocker_JC.exe	28
PID 2296 wrote to memory of 2680	2296	7c08a02fa223c08d8fabaac8a406041b_cryptolocker_JC.exe	28
PID 2296 wrote to memory of 2680	2296	7c08a02fa223c08d8fabaac8a406041b_cryptolocker_JC.exe	28
PID 2296 wrote to memory of 2680	2296	7c08a02fa223c08d8fabaac8a406041b_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\7c08a02fa223c08d8fabaac8a406041b_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\7c08a02fa223c08d8fabaac8a406041b_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
75KB

MD5
25ecc4fff24040ce4c0c5c85e11639e6

SHA1
3082c716eab1b8f1215aa5e66896e8133c00f7d6

SHA256
0c47a8f8a54e1ad25a93f5babf0539fc7ecc6169192e4a9970b72f563caabd2c

SHA512
9eff7a7cf32645e4ff22345a17280905550979f3d0ea1e27b759136691081b3d88a78b2138f415e76dc53afe199b22147bcda139f13c3fc816c6b29bddf6265f

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
75KB

MD5
25ecc4fff24040ce4c0c5c85e11639e6

SHA1
3082c716eab1b8f1215aa5e66896e8133c00f7d6

SHA256
0c47a8f8a54e1ad25a93f5babf0539fc7ecc6169192e4a9970b72f563caabd2c

SHA512
9eff7a7cf32645e4ff22345a17280905550979f3d0ea1e27b759136691081b3d88a78b2138f415e76dc53afe199b22147bcda139f13c3fc816c6b29bddf6265f

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
75KB

MD5
25ecc4fff24040ce4c0c5c85e11639e6

SHA1
3082c716eab1b8f1215aa5e66896e8133c00f7d6

SHA256
0c47a8f8a54e1ad25a93f5babf0539fc7ecc6169192e4a9970b72f563caabd2c

SHA512
9eff7a7cf32645e4ff22345a17280905550979f3d0ea1e27b759136691081b3d88a78b2138f415e76dc53afe199b22147bcda139f13c3fc816c6b29bddf6265f

Download Submit
memory/2296-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2296-55-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2296-56-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2680-69-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download