42bca65e70c90ba111a465a6e15e4f62377192ccff51e8aa47602536f73698ac

Analysis

max time kernel
1s
max time network
7s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2023, 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5680fced5c206a931586501fea1e6422_cryptolocker_JC.exe
Size

37KB
MD5

5680fced5c206a931586501fea1e6422
SHA1

2492017c91745d0dc9090b35af2422f46e6a073f
SHA256

42bca65e70c90ba111a465a6e15e4f62377192ccff51e8aa47602536f73698ac
SHA512

0523a1ed9a50b1fcd60dcf68835339c3d4a76403d1951496a0e081429e007a2ac607ccac1b51fdfce557079ac0066f1f93166c38b2737e73f81252ddc18c7f65
SSDEEP

384:60VkMq01bJ3wtEwPS8HLEh+Jagz+3be+26aIIcVRYpetOOtEvwDpjqIGRmdHzOO6:6Qz7yVEhs9+4OR7tOOtEvwDpjLHqh61q

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\5680fced5c206a931586501fea1e6422_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\5680fced5c206a931586501fea1e6422_cryptolocker_JC.exe"
1⤵
PID:1776
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  PID:3844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
37KB

MD5
1c170c29476184f882bc39b6514854cb

SHA1
a6faffab42fe6d8350f19c138c3e0ccd879cf22d

SHA256
c6d01742520a6fd9d814d6d09cef6a9be28e611e68e5c5d7cba5606e38f8ed13

SHA512
7ab3ba530eebba175afca10048016b69cd729a1d0da6c2f435c11575737c9a2571fc24fc19d037b482b8cc9c1dcdcf307e19786a0bb2ae99ccd1498769e62086

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
37KB

MD5
1c170c29476184f882bc39b6514854cb

SHA1
a6faffab42fe6d8350f19c138c3e0ccd879cf22d

SHA256
c6d01742520a6fd9d814d6d09cef6a9be28e611e68e5c5d7cba5606e38f8ed13

SHA512
7ab3ba530eebba175afca10048016b69cd729a1d0da6c2f435c11575737c9a2571fc24fc19d037b482b8cc9c1dcdcf307e19786a0bb2ae99ccd1498769e62086

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
37KB

MD5
1c170c29476184f882bc39b6514854cb

SHA1
a6faffab42fe6d8350f19c138c3e0ccd879cf22d

SHA256
c6d01742520a6fd9d814d6d09cef6a9be28e611e68e5c5d7cba5606e38f8ed13

SHA512
7ab3ba530eebba175afca10048016b69cd729a1d0da6c2f435c11575737c9a2571fc24fc19d037b482b8cc9c1dcdcf307e19786a0bb2ae99ccd1498769e62086

Download Submit
memory/1776-133-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/1776-134-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/1776-135-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/1776-136-0x00000000004F0000-0x00000000004F6000-memory.dmp

Filesize
24KB

Download
memory/1776-149-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download