06fc338df2bdc6038e24069e94f4e9979bd1f3c961d75dac1e2ac51566a9b9e0

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
24/08/2023, 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81b68ac19403f706cd0cb6678b2bc97b_cryptolocker_JC.exe
Size

117KB
MD5

81b68ac19403f706cd0cb6678b2bc97b
SHA1

969b875fdab4d470de3f1c4a8c423853469282e4
SHA256

06fc338df2bdc6038e24069e94f4e9979bd1f3c961d75dac1e2ac51566a9b9e0
SHA512

efff07481f2d9b81274cde1d838befef2040ff3df9399444adb7202d8061f13b54fd64e5c1231494b57aa43ac76ed88d8d5602f8628a23c423efa9f473d93873
SSDEEP

768:gUQz7yVEhs9+4T/1bytOOtEvwDpjNbZ7uyA36S7MpxRIIXVe3mU9TYwlOBT2:gUj+AIMOtEvwDpjNbwQEIPlemUhYm

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2660	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1400	81b68ac19403f706cd0cb6678b2bc97b_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 2660	1400	81b68ac19403f706cd0cb6678b2bc97b_cryptolocker_JC.exe	28
PID 1400 wrote to memory of 2660	1400	81b68ac19403f706cd0cb6678b2bc97b_cryptolocker_JC.exe	28
PID 1400 wrote to memory of 2660	1400	81b68ac19403f706cd0cb6678b2bc97b_cryptolocker_JC.exe	28
PID 1400 wrote to memory of 2660	1400	81b68ac19403f706cd0cb6678b2bc97b_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\81b68ac19403f706cd0cb6678b2bc97b_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\81b68ac19403f706cd0cb6678b2bc97b_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
117KB

MD5
e6d45b324069dbeba1ca877918bba414

SHA1
3a0bd17db525a3bc355b769a45cd08258c8ae082

SHA256
21a2cf10865f22b4dc414eeb38e470ce3474723f98d28eca6a65dcbf41ee836d

SHA512
91aadb2cbf74b0b659585d03cc829b9d04d459c2962d7ad3bcbfbe91ee68a0dc6adcd4d4243ab6849270f0959b771eb009f5fb058dcfa5a9f83c35dbfb9652b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
117KB

MD5
e6d45b324069dbeba1ca877918bba414

SHA1
3a0bd17db525a3bc355b769a45cd08258c8ae082

SHA256
21a2cf10865f22b4dc414eeb38e470ce3474723f98d28eca6a65dcbf41ee836d

SHA512
91aadb2cbf74b0b659585d03cc829b9d04d459c2962d7ad3bcbfbe91ee68a0dc6adcd4d4243ab6849270f0959b771eb009f5fb058dcfa5a9f83c35dbfb9652b4

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
117KB

MD5
e6d45b324069dbeba1ca877918bba414

SHA1
3a0bd17db525a3bc355b769a45cd08258c8ae082

SHA256
21a2cf10865f22b4dc414eeb38e470ce3474723f98d28eca6a65dcbf41ee836d

SHA512
91aadb2cbf74b0b659585d03cc829b9d04d459c2962d7ad3bcbfbe91ee68a0dc6adcd4d4243ab6849270f0959b771eb009f5fb058dcfa5a9f83c35dbfb9652b4

Download Submit
memory/1400-0-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/1400-1-0x00000000003F0000-0x00000000003F6000-memory.dmp

Filesize
24KB

Download
memory/1400-2-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/2660-16-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2660-15-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download