58dd0ac822de193486e14c0a5549fcd1aee41f302919f04d30515d59c9cc136c

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 16:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79144ee1cd7d9ec96aeb9d8bb48d9233_cryptolocker_JC.exe
Size

27KB
MD5

79144ee1cd7d9ec96aeb9d8bb48d9233
SHA1

ccda28e86727e82ef0df6056ab6737fb46ff451a
SHA256

58dd0ac822de193486e14c0a5549fcd1aee41f302919f04d30515d59c9cc136c
SHA512

eb3f877daafc99263dd3d67d7f4dc2a595fa190c63b3f2e94e6b91915b93ebf208766c3e6b2160a1761cc99f1ae9350b51656a2d822cdf3da8c84c995a6cf225
SSDEEP

384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSzw:b/yC4GyNM01GuQMNXw2PSk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1592	retln.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4100 wrote to memory of 1592	4100	79144ee1cd7d9ec96aeb9d8bb48d9233_cryptolocker_JC.exe	80
PID 4100 wrote to memory of 1592	4100	79144ee1cd7d9ec96aeb9d8bb48d9233_cryptolocker_JC.exe	80
PID 4100 wrote to memory of 1592	4100	79144ee1cd7d9ec96aeb9d8bb48d9233_cryptolocker_JC.exe	80

C:\Users\Admin\AppData\Local\Temp\79144ee1cd7d9ec96aeb9d8bb48d9233_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\79144ee1cd7d9ec96aeb9d8bb48d9233_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4100
- C:\Users\Admin\AppData\Local\Temp\retln.exe
  "C:\Users\Admin\AppData\Local\Temp\retln.exe"
  2⤵
  - Executes dropped EXE
  PID:1592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\retln.exe

Filesize
28KB

MD5
dbc5791ac491bfe11e1788c4a77dd1c2

SHA1
3ed0b62e0965c058c2fcf5637e24bf2a890dbb1a

SHA256
9e4bbe1cad9e3194441ea932bbee4d5624854623f84ded794fb0cf2cc05855c5

SHA512
4aaa6c65061ae398f7d2241195edc448836c20b4d7ef601acea8a7469732a4b177339a18d364be1335105e0853e18dcbb2fcb91aeaefe39d8177396897d7dda9

Download Submit
C:\Users\Admin\AppData\Local\Temp\retln.exe

Filesize
28KB

MD5
dbc5791ac491bfe11e1788c4a77dd1c2

SHA1
3ed0b62e0965c058c2fcf5637e24bf2a890dbb1a

SHA256
9e4bbe1cad9e3194441ea932bbee4d5624854623f84ded794fb0cf2cc05855c5

SHA512
4aaa6c65061ae398f7d2241195edc448836c20b4d7ef601acea8a7469732a4b177339a18d364be1335105e0853e18dcbb2fcb91aeaefe39d8177396897d7dda9

Download Submit
C:\Users\Admin\AppData\Local\Temp\retln.exe

Filesize
28KB

MD5
dbc5791ac491bfe11e1788c4a77dd1c2

SHA1
3ed0b62e0965c058c2fcf5637e24bf2a890dbb1a

SHA256
9e4bbe1cad9e3194441ea932bbee4d5624854623f84ded794fb0cf2cc05855c5

SHA512
4aaa6c65061ae398f7d2241195edc448836c20b4d7ef601acea8a7469732a4b177339a18d364be1335105e0853e18dcbb2fcb91aeaefe39d8177396897d7dda9

Download Submit
memory/1592-20-0x0000000002D60000-0x0000000002D66000-memory.dmp

Filesize
24KB

Download
memory/4100-0-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

Filesize
24KB

Download
memory/4100-1-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

Filesize
24KB

Download
memory/4100-2-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download