70cda1d737f68879ba90e94d1ad355b7d2f52850611426c7a041c26564fbb587

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2023 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7fadf41b13ef975c60235b98ff523478_cryptolocker_JC.exe
Size

32KB
MD5

7fadf41b13ef975c60235b98ff523478
SHA1

a85866406fca403c96bbb4a4df90c01e6783fc17
SHA256

70cda1d737f68879ba90e94d1ad355b7d2f52850611426c7a041c26564fbb587
SHA512

156a754fbc64851dae45dec9487b1f59298166a0f0ea79c7f1d469e42d3e8718ebff53aa5a3f13cbdb064c938b319a3c8059141b71167b9b1dcd36e82e52ef07
SSDEEP

384:bIDl1ovmXAw9PMDREhi9OUSPlRxMc/cip7IAfjDb4H0g/Xf4p8ACMl1qI6+QXghn:bIDOw9UiaCHfjnE0Sf88AvvP1oghn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2316	lossy.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3348 wrote to memory of 2316	3348	7fadf41b13ef975c60235b98ff523478_cryptolocker_JC.exe	80
PID 3348 wrote to memory of 2316	3348	7fadf41b13ef975c60235b98ff523478_cryptolocker_JC.exe	80
PID 3348 wrote to memory of 2316	3348	7fadf41b13ef975c60235b98ff523478_cryptolocker_JC.exe	80

C:\Users\Admin\AppData\Local\Temp\7fadf41b13ef975c60235b98ff523478_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\7fadf41b13ef975c60235b98ff523478_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3348
- C:\Users\Admin\AppData\Local\Temp\lossy.exe
  "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
  2⤵
  - Executes dropped EXE
  PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
32KB

MD5
ccab4f7b056ad265066a2b2c8ba36109

SHA1
6553e108f0a86a3c6942438f9d27a34e8f49fb83

SHA256
041c61bb9b063b6569f01dcbc68c17793963cb2bd3bf3898754cc883577de518

SHA512
47076b13220ab59d70f345eaf45104e6344d8176168a6505b5015535c9a7387ec734149a71132466064256bb39c836231d23752aef2888ad24a5c6e4628a1854

Download Submit
C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
32KB

MD5
ccab4f7b056ad265066a2b2c8ba36109

SHA1
6553e108f0a86a3c6942438f9d27a34e8f49fb83

SHA256
041c61bb9b063b6569f01dcbc68c17793963cb2bd3bf3898754cc883577de518

SHA512
47076b13220ab59d70f345eaf45104e6344d8176168a6505b5015535c9a7387ec734149a71132466064256bb39c836231d23752aef2888ad24a5c6e4628a1854

Download Submit
C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
32KB

MD5
ccab4f7b056ad265066a2b2c8ba36109

SHA1
6553e108f0a86a3c6942438f9d27a34e8f49fb83

SHA256
041c61bb9b063b6569f01dcbc68c17793963cb2bd3bf3898754cc883577de518

SHA512
47076b13220ab59d70f345eaf45104e6344d8176168a6505b5015535c9a7387ec734149a71132466064256bb39c836231d23752aef2888ad24a5c6e4628a1854

Download Submit
memory/2316-151-0x00000000005B0000-0x00000000005B6000-memory.dmp

Filesize
24KB

Download
memory/2316-150-0x00000000005D0000-0x00000000005D6000-memory.dmp

Filesize
24KB

Download
memory/3348-133-0x0000000002180000-0x0000000002186000-memory.dmp

Filesize
24KB

Download
memory/3348-134-0x0000000002180000-0x0000000002186000-memory.dmp

Filesize
24KB

Download
memory/3348-135-0x00000000021A0000-0x00000000021A6000-memory.dmp

Filesize
24KB

Download