23eec827a40997ff1b25ee3150e56c4f51b986ad3e8d0f438bc76d2c286bc368

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
28/08/2023, 16:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be08a8b0481b31792ceeb376014c5928_cryptolocker_JC.exe
Size

36KB
MD5

be08a8b0481b31792ceeb376014c5928
SHA1

72cbc05db0a7c6e454dce78df9b8232304c8bf5e
SHA256

23eec827a40997ff1b25ee3150e56c4f51b986ad3e8d0f438bc76d2c286bc368
SHA512

82b9b0138d911f937e14729db524b8c679e942e14ce64160cf7a00050d1344f1dace140e84aff6ff0860b18dd3cdbca4fec18f3e861dc231e9f18f9d1b6decaf
SSDEEP

384:60VkMq01bJ3wtEwPS8HLEh+Jagz+3be+26aIIcVRYpetOOtEvwDpjqIGRmdHzOO+:6Qz7yVEhs9+4OR7tOOtEvwDpjLHqh64

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3000	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2056	be08a8b0481b31792ceeb376014c5928_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 3000	2056	be08a8b0481b31792ceeb376014c5928_cryptolocker_JC.exe	28
PID 2056 wrote to memory of 3000	2056	be08a8b0481b31792ceeb376014c5928_cryptolocker_JC.exe	28
PID 2056 wrote to memory of 3000	2056	be08a8b0481b31792ceeb376014c5928_cryptolocker_JC.exe	28
PID 2056 wrote to memory of 3000	2056	be08a8b0481b31792ceeb376014c5928_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\be08a8b0481b31792ceeb376014c5928_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\be08a8b0481b31792ceeb376014c5928_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
36KB

MD5
d270444389759524f0d2462d20bed367

SHA1
4959ee409caa005c57f6ab9dbb0fb7afe0b794f3

SHA256
5fdac61f13b97567b01fd24f569e7c56519cc944520c7128568dd407cda7c950

SHA512
6eab45d42c858b354a9e6ecc9c7f179a80c5f294ea37b0f8066b532a027be6e3699342c2235535da8b3c5acb3a28169edd5eb0e06a6be4b26a470de9efc9219f

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
36KB

MD5
d270444389759524f0d2462d20bed367

SHA1
4959ee409caa005c57f6ab9dbb0fb7afe0b794f3

SHA256
5fdac61f13b97567b01fd24f569e7c56519cc944520c7128568dd407cda7c950

SHA512
6eab45d42c858b354a9e6ecc9c7f179a80c5f294ea37b0f8066b532a027be6e3699342c2235535da8b3c5acb3a28169edd5eb0e06a6be4b26a470de9efc9219f

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
36KB

MD5
d270444389759524f0d2462d20bed367

SHA1
4959ee409caa005c57f6ab9dbb0fb7afe0b794f3

SHA256
5fdac61f13b97567b01fd24f569e7c56519cc944520c7128568dd407cda7c950

SHA512
6eab45d42c858b354a9e6ecc9c7f179a80c5f294ea37b0f8066b532a027be6e3699342c2235535da8b3c5acb3a28169edd5eb0e06a6be4b26a470de9efc9219f

Download Submit
memory/2056-4-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2056-15-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2056-13-0x0000000002380000-0x000000000238F000-memory.dmp

Filesize
60KB

Download
memory/2056-0-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2056-2-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/2056-1-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2056-27-0x0000000002380000-0x000000000238F000-memory.dmp

Filesize
60KB

Download
memory/3000-17-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/3000-20-0x00000000002F0000-0x00000000002F6000-memory.dmp

Filesize
24KB

Download
memory/3000-19-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/3000-28-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download