f9d40b43c42f82fe89ddba46d7e7acd6e9b0f27af679040ad1c93f13be31d796

Analysis

max time kernel
130s
max time network
143s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
20/08/2023, 10:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

51e940c54e402acbba7c8f3734c1fc34_cryptolocker_JC.exe
Size

50KB
MD5

51e940c54e402acbba7c8f3734c1fc34
SHA1

854ec85294a26d643859da6459ca3bd0cb3ac30f
SHA256

f9d40b43c42f82fe89ddba46d7e7acd6e9b0f27af679040ad1c93f13be31d796
SHA512

7b04c0e2d18ce381ada237ca2efb397f742b2b3ff372a8d4d43904436993a4422854e178d29bda87c9e7b557df4cf46745afb70253ddd831865f998c393128a3
SSDEEP

768:zQz7yVEhs9+syJP6ntOOtEvwDpjFeV0Yj:zj+soPSMOtEvwDpj4yS

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2892	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2264	51e940c54e402acbba7c8f3734c1fc34_cryptolocker_JC.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2264-53-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/2264-67-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x0009000000012023-64.dat	upx
behavioral1/memory/2892-70-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x0009000000012023-69.dat	upx
behavioral1/files/0x0009000000012023-78.dat	upx
behavioral1/memory/2892-80-0x0000000000500000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 2892	2264	51e940c54e402acbba7c8f3734c1fc34_cryptolocker_JC.exe	28
PID 2264 wrote to memory of 2892	2264	51e940c54e402acbba7c8f3734c1fc34_cryptolocker_JC.exe	28
PID 2264 wrote to memory of 2892	2264	51e940c54e402acbba7c8f3734c1fc34_cryptolocker_JC.exe	28
PID 2264 wrote to memory of 2892	2264	51e940c54e402acbba7c8f3734c1fc34_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\51e940c54e402acbba7c8f3734c1fc34_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\51e940c54e402acbba7c8f3734c1fc34_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
50KB

MD5
d8a718206bb02fca758c3489c40293fd

SHA1
144ccddf870c305f9849fdf5b5781861f1e51f85

SHA256
40376cdfba9bb28ab64071d39c1266393c836b6c7949841d15dd291efe7e0c98

SHA512
11b96a64b0bce1ec6e1b54200488828c4f26ac517d55dbb164e1a0d318c9086f5ffc6e88a7ca6dec08d5e23558b61ab379bc9268aea62e57e27b9c052f426775

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
50KB

MD5
d8a718206bb02fca758c3489c40293fd

SHA1
144ccddf870c305f9849fdf5b5781861f1e51f85

SHA256
40376cdfba9bb28ab64071d39c1266393c836b6c7949841d15dd291efe7e0c98

SHA512
11b96a64b0bce1ec6e1b54200488828c4f26ac517d55dbb164e1a0d318c9086f5ffc6e88a7ca6dec08d5e23558b61ab379bc9268aea62e57e27b9c052f426775

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
50KB

MD5
d8a718206bb02fca758c3489c40293fd

SHA1
144ccddf870c305f9849fdf5b5781861f1e51f85

SHA256
40376cdfba9bb28ab64071d39c1266393c836b6c7949841d15dd291efe7e0c98

SHA512
11b96a64b0bce1ec6e1b54200488828c4f26ac517d55dbb164e1a0d318c9086f5ffc6e88a7ca6dec08d5e23558b61ab379bc9268aea62e57e27b9c052f426775

Download Submit
memory/2264-53-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2264-55-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/2264-56-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2264-67-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2264-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2264-68-0x0000000001DB0000-0x0000000001DC0000-memory.dmp

Filesize
64KB

Download
memory/2264-79-0x0000000001DB0000-0x0000000001DC0000-memory.dmp

Filesize
64KB

Download
memory/2892-70-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2892-72-0x0000000000330000-0x0000000000336000-memory.dmp

Filesize
24KB

Download
memory/2892-80-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download