0019b8744dd13a0d468748f2e8f0c49bfa58a346e64fb81af5d4f8aea145f931

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
22-08-2023 18:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ffdbf0be2433af769082d51d295819e_cryptolocker_JC.exe
Size

30KB
MD5

6ffdbf0be2433af769082d51d295819e
SHA1

c3812f78acfe07d083f10ce4f905c7a9048a5580
SHA256

0019b8744dd13a0d468748f2e8f0c49bfa58a346e64fb81af5d4f8aea145f931
SHA512

fe01d1bee14bed1289d6246b63db8f81c390321a7f1c93a69e197901ce43f9dceb3457084abfb565c9efe0950af866de3988195c5f74d557a41413ed30b233c7
SSDEEP

384:u0VkMq01bJ3wtEwPS8HLEh+Jagz+3be+26Rsn1rCcOQtOOtEvwDpjqIGRS/Vb9Da:uQz7yVEhs9+js1SQtOOtEvwDpjzK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2928	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2384	6ffdbf0be2433af769082d51d295819e_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2928	2384	6ffdbf0be2433af769082d51d295819e_cryptolocker_JC.exe	28
PID 2384 wrote to memory of 2928	2384	6ffdbf0be2433af769082d51d295819e_cryptolocker_JC.exe	28
PID 2384 wrote to memory of 2928	2384	6ffdbf0be2433af769082d51d295819e_cryptolocker_JC.exe	28
PID 2384 wrote to memory of 2928	2384	6ffdbf0be2433af769082d51d295819e_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\6ffdbf0be2433af769082d51d295819e_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\6ffdbf0be2433af769082d51d295819e_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
30KB

MD5
b07d16cfec6ccfcb21415dadc3d3a9b6

SHA1
2db16cb2e4c2dc93e1bcba785b6aeef6c7bdba92

SHA256
16716744c71918fe9405127179b10b1c5084491c167c071723e7b71504f5b0dc

SHA512
f3f8f81fe961f9cdaaf1bcc5f58e165d23c1ed821f3ad621210a76dc260a2809f90c4593cd4ad969d4e0403b11b2341c885cb76e919dd4ce30fb541af9257128

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
30KB

MD5
b07d16cfec6ccfcb21415dadc3d3a9b6

SHA1
2db16cb2e4c2dc93e1bcba785b6aeef6c7bdba92

SHA256
16716744c71918fe9405127179b10b1c5084491c167c071723e7b71504f5b0dc

SHA512
f3f8f81fe961f9cdaaf1bcc5f58e165d23c1ed821f3ad621210a76dc260a2809f90c4593cd4ad969d4e0403b11b2341c885cb76e919dd4ce30fb541af9257128

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
30KB

MD5
b07d16cfec6ccfcb21415dadc3d3a9b6

SHA1
2db16cb2e4c2dc93e1bcba785b6aeef6c7bdba92

SHA256
16716744c71918fe9405127179b10b1c5084491c167c071723e7b71504f5b0dc

SHA512
f3f8f81fe961f9cdaaf1bcc5f58e165d23c1ed821f3ad621210a76dc260a2809f90c4593cd4ad969d4e0403b11b2341c885cb76e919dd4ce30fb541af9257128

Download Submit
memory/2384-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2384-55-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2384-58-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2928-69-0x00000000003B0000-0x00000000003B6000-memory.dmp

Filesize
24KB

Download
memory/2928-70-0x0000000000380000-0x0000000000386000-memory.dmp

Filesize
24KB

Download