a8a04863dd21972a853612eb631ee09aebf9b331fad88ba7023313b5f51ec4cf

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
20/08/2023, 10:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe
Size

45KB
MD5

50c3e4959db59b1e862e1204aef8f626
SHA1

6958b6ac7cf5d9ca915d75b9b05c3f9cbf894a37
SHA256

a8a04863dd21972a853612eb631ee09aebf9b331fad88ba7023313b5f51ec4cf
SHA512

296553e054690771e8b0ea171c28ccc2bae0e911c70b036eee5bda407cb6707a87f245720c7555b0c4ed38fad1553c329f13812ee5d6f404bc232ac4e7846be1
SSDEEP

768:bIDOw9UiaCHfjnE0Sfa7ilR0p9u6p4ICNBCXKZ:bIDOw9a0DwitDZzo

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2616	lossy.exe

Loads dropped DLL 1 IoCs

pid	Process
532	50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 532 wrote to memory of 2616	532	50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe	28
PID 532 wrote to memory of 2616	532	50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe	28
PID 532 wrote to memory of 2616	532	50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe	28
PID 532 wrote to memory of 2616	532	50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:532
- C:\Users\Admin\AppData\Local\Temp\lossy.exe
  "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
  2⤵
  - Executes dropped EXE
  PID:2616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
45KB

MD5
bb507401e76ed36d980ae9e30f814304

SHA1
92761feed019b496723619fd12cdeac6d5d085ff

SHA256
bf05306148e52531a703bc3e4beaa786e03187f9f7d81809e69eae1c1fb26dae

SHA512
bf39f254fcbec5de5bdeaec0c745aa9eff43f674fb868bd9c8555678a2a764d6fe1a97934cd945a8e1191b79f3689cd3942f8f3c33a0ae0d91aabbc90785011d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
45KB

MD5
bb507401e76ed36d980ae9e30f814304

SHA1
92761feed019b496723619fd12cdeac6d5d085ff

SHA256
bf05306148e52531a703bc3e4beaa786e03187f9f7d81809e69eae1c1fb26dae

SHA512
bf39f254fcbec5de5bdeaec0c745aa9eff43f674fb868bd9c8555678a2a764d6fe1a97934cd945a8e1191b79f3689cd3942f8f3c33a0ae0d91aabbc90785011d

Download Submit
\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
45KB

MD5
bb507401e76ed36d980ae9e30f814304

SHA1
92761feed019b496723619fd12cdeac6d5d085ff

SHA256
bf05306148e52531a703bc3e4beaa786e03187f9f7d81809e69eae1c1fb26dae

SHA512
bf39f254fcbec5de5bdeaec0c745aa9eff43f674fb868bd9c8555678a2a764d6fe1a97934cd945a8e1191b79f3689cd3942f8f3c33a0ae0d91aabbc90785011d

Download Submit
memory/532-54-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/532-56-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/532-55-0x0000000000410000-0x0000000000416000-memory.dmp

Filesize
24KB

Download
memory/2616-70-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2616-69-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download