24b787651bb0ac7a3d612d442a9aae6190778519d84c36bcf29450e06ef3cfda

Analysis

max time kernel
133s
max time network
146s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
08-08-2023 17:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d5cf869cfcb841ef6cd07d09add9a74_cryptolocker_JC.exe
Size

57KB
MD5

9d5cf869cfcb841ef6cd07d09add9a74
SHA1

0d7ac0115650b7dfa53b9da420b056d9632da15f
SHA256

24b787651bb0ac7a3d612d442a9aae6190778519d84c36bcf29450e06ef3cfda
SHA512

504c93c6604b03c3dd582317a6de994d04397d3cc4d025c77c076eda02f8bbc0db653f389664707c93da841befd0e4e682296cf1ea2fa6e612c2a97d98d672cb
SSDEEP

1536:vj+jsMQMOtEvwDpj5HyCyh7vtRJ4BqKb1kB:vCjsIOtEvwDpj5Hv01

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
268	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2912	9d5cf869cfcb841ef6cd07d09add9a74_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 268	2912	9d5cf869cfcb841ef6cd07d09add9a74_cryptolocker_JC.exe	28
PID 2912 wrote to memory of 268	2912	9d5cf869cfcb841ef6cd07d09add9a74_cryptolocker_JC.exe	28
PID 2912 wrote to memory of 268	2912	9d5cf869cfcb841ef6cd07d09add9a74_cryptolocker_JC.exe	28
PID 2912 wrote to memory of 268	2912	9d5cf869cfcb841ef6cd07d09add9a74_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\9d5cf869cfcb841ef6cd07d09add9a74_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\9d5cf869cfcb841ef6cd07d09add9a74_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
58KB

MD5
66c23a0b7900af0bf0d406c61e6b8213

SHA1
537d1db3f5a4cd8c488b3e65397e235773d4d4e7

SHA256
610553bad78fec21bd1c2b8fff2aaf41e5251a6c08733a36839c0d1ae6ce92d5

SHA512
4075c9ee16e4d836162b1c2cdbba9f7e6b80ff281483c393aa64b4b0898b53ee73c97c070af6ee644195624f3b7267d1deea717215e7bfefb3f54bc52b4142a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
58KB

MD5
66c23a0b7900af0bf0d406c61e6b8213

SHA1
537d1db3f5a4cd8c488b3e65397e235773d4d4e7

SHA256
610553bad78fec21bd1c2b8fff2aaf41e5251a6c08733a36839c0d1ae6ce92d5

SHA512
4075c9ee16e4d836162b1c2cdbba9f7e6b80ff281483c393aa64b4b0898b53ee73c97c070af6ee644195624f3b7267d1deea717215e7bfefb3f54bc52b4142a8

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
58KB

MD5
66c23a0b7900af0bf0d406c61e6b8213

SHA1
537d1db3f5a4cd8c488b3e65397e235773d4d4e7

SHA256
610553bad78fec21bd1c2b8fff2aaf41e5251a6c08733a36839c0d1ae6ce92d5

SHA512
4075c9ee16e4d836162b1c2cdbba9f7e6b80ff281483c393aa64b4b0898b53ee73c97c070af6ee644195624f3b7267d1deea717215e7bfefb3f54bc52b4142a8

Download Submit
memory/268-68-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/268-69-0x00000000004A0000-0x00000000004A6000-memory.dmp

Filesize
24KB

Download
memory/2912-53-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2912-54-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/2912-57-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download