111356fb210f16d6f2989663921f0e0a8ce232e0260623efbde1122616562764

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
15/08/2023, 17:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fbd354e1e6aac10ea6efd4351468bea9_cryptolocker_JC.exe
Size

42KB
MD5

fbd354e1e6aac10ea6efd4351468bea9
SHA1

ea009fbc8fec088bdbdeb3e042e81342fd4bf39a
SHA256

111356fb210f16d6f2989663921f0e0a8ce232e0260623efbde1122616562764
SHA512

341da99a4437554f797e0f4bf84e78a0d1342d538bc6277ee6ed322ccb8aa98c386481728c19fbbaf1afb12aaa25897f1c6ce8106d5a8926573745e52688521b
SSDEEP

768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4/Uth8igNrNE+:vj+jsMQMOtEvwDpj5HczerNE+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2532	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2676	fbd354e1e6aac10ea6efd4351468bea9_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2532	2676	fbd354e1e6aac10ea6efd4351468bea9_cryptolocker_JC.exe	28
PID 2676 wrote to memory of 2532	2676	fbd354e1e6aac10ea6efd4351468bea9_cryptolocker_JC.exe	28
PID 2676 wrote to memory of 2532	2676	fbd354e1e6aac10ea6efd4351468bea9_cryptolocker_JC.exe	28
PID 2676 wrote to memory of 2532	2676	fbd354e1e6aac10ea6efd4351468bea9_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\fbd354e1e6aac10ea6efd4351468bea9_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\fbd354e1e6aac10ea6efd4351468bea9_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
42KB

MD5
94acda94e79f51b87c109759cf9742a5

SHA1
edbbc526a4b91b36d3bfed0ebe30133e6498d477

SHA256
5f983119edeeef5f1387992883ea7a15047cf557c290da341455d3e0260a6fe1

SHA512
05d3aef05ba0ef6610dcf8a086374053b4ea734a5c852411b94adbd14cad34b28a94ba5842c6ec5d7efb94ae52779fa88b0eb453c6b743d02f5190585a0a75ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
42KB

MD5
94acda94e79f51b87c109759cf9742a5

SHA1
edbbc526a4b91b36d3bfed0ebe30133e6498d477

SHA256
5f983119edeeef5f1387992883ea7a15047cf557c290da341455d3e0260a6fe1

SHA512
05d3aef05ba0ef6610dcf8a086374053b4ea734a5c852411b94adbd14cad34b28a94ba5842c6ec5d7efb94ae52779fa88b0eb453c6b743d02f5190585a0a75ee

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
42KB

MD5
94acda94e79f51b87c109759cf9742a5

SHA1
edbbc526a4b91b36d3bfed0ebe30133e6498d477

SHA256
5f983119edeeef5f1387992883ea7a15047cf557c290da341455d3e0260a6fe1

SHA512
05d3aef05ba0ef6610dcf8a086374053b4ea734a5c852411b94adbd14cad34b28a94ba5842c6ec5d7efb94ae52779fa88b0eb453c6b743d02f5190585a0a75ee

Download Submit
memory/2532-70-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/2532-69-0x0000000000340000-0x0000000000346000-memory.dmp

Filesize
24KB

Download
memory/2676-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2676-56-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2676-55-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download