Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/08/2023, 15:58

General

  • Target

    8e1aa0013f4b30199624e3736562e37d_cryptolocker_JC.exe

  • Size

    44KB

  • MD5

    8e1aa0013f4b30199624e3736562e37d

  • SHA1

    1a4df0b02f7905dd3b52687f2fa3b31506daed16

  • SHA256

    5c44fb187a1a42d69a341d9f042dc649d1beb325ed622f3425e4cd7581704955

  • SHA512

    e70d044a22b5e4cd1e4b35684d83a8242ed1dedb54eec527b08ca34887a36b3468efc2481b87aeab5855457f15dd4e2cd2d96d35cf55fceec5104c25d837c071

  • SSDEEP

    768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4/Uth8igNrr46xdUU/:vj+jsMQMOtEvwDpj5Hczer5ik

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e1aa0013f4b30199624e3736562e37d_cryptolocker_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\8e1aa0013f4b30199624e3736562e37d_cryptolocker_JC.exe"
    PID:2216
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\misid.exe (child of PID 2216)
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      PID:1740
      • Executes dropped EXE

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    44KB

    MD5

    c2f847fef7341ba2ba6d2a317421344f

    SHA1

    a4f466abdc641cca0a4d0119b462832fec649c17

    SHA256

    4db8040c1fde011474baa97d6c108a1641c07e18784e24671def4ea0fd834cba

    SHA512

    fbfbe14d14a827cd4edc79864173ce993544d137a446aa188c007927fb1e037d4fb352ba0d8d88ba8326abc564680a1cd88d3b0c673009436272597f70007b18

  • \Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    44KB

    MD5

    c2f847fef7341ba2ba6d2a317421344f

    SHA1

    a4f466abdc641cca0a4d0119b462832fec649c17

    SHA256

    4db8040c1fde011474baa97d6c108a1641c07e18784e24671def4ea0fd834cba

    SHA512

    fbfbe14d14a827cd4edc79864173ce993544d137a446aa188c007927fb1e037d4fb352ba0d8d88ba8326abc564680a1cd88d3b0c673009436272597f70007b18

  • memory/1740-68-0x00000000004B0000-0x00000000004B6000-memory.dmp

    Filesize

    24KB

  • memory/1740-69-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

  • memory/2216-53-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

  • memory/2216-54-0x00000000002B0000-0x00000000002B6000-memory.dmp

    Filesize

    24KB

  • memory/2216-56-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB