0f7995ac6064d4adc65725b1a9bc17a592199398227d80cc6d3065f686d65403

Analysis

max time kernel
150s
max time network
156s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
29-09-2023 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2023-08-26_cdf045f3d280a19452fb9bacd77f8849_cryptolocker_JC.exe
Size

41KB
MD5

cdf045f3d280a19452fb9bacd77f8849
SHA1

cb14ca630d047288832dc51dcacb3a75958b51cf
SHA256

0f7995ac6064d4adc65725b1a9bc17a592199398227d80cc6d3065f686d65403
SHA512

03e87502b6267c2796cb7636da87906fac0d653f621661b972ec80c0363dac3e1ffd89d88d75264178925955ee0f3c8fd2020020f90cd9c9e538f956e1646624
SSDEEP

768:6Qz7yVEhs9+4OR7tOOtEvwDpjLHqPhbCi442:6j+1NMOtEvwDpjr8dx4X

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2984	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
3008	2023-08-26_cdf045f3d280a19452fb9bacd77f8849_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2984	3008	2023-08-26_cdf045f3d280a19452fb9bacd77f8849_cryptolocker_JC.exe	28
PID 3008 wrote to memory of 2984	3008	2023-08-26_cdf045f3d280a19452fb9bacd77f8849_cryptolocker_JC.exe	28
PID 3008 wrote to memory of 2984	3008	2023-08-26_cdf045f3d280a19452fb9bacd77f8849_cryptolocker_JC.exe	28
PID 3008 wrote to memory of 2984	3008	2023-08-26_cdf045f3d280a19452fb9bacd77f8849_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\2023-08-26_cdf045f3d280a19452fb9bacd77f8849_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2023-08-26_cdf045f3d280a19452fb9bacd77f8849_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
41KB

MD5
564b8c5c60e52fc73f65a73821fbe1e8

SHA1
3bab7c35012ebf82cc1a88eaadb0e66104dd63a6

SHA256
2df2f6ca1feae43069cbdf41f7c62208d0da7b2261d2afb94f8a629a35acbc7f

SHA512
56521636e1ae9a3e76f8ae015d83227fcf396b45e5a1d1122e8e48543e4a34f5ec2fbc23bddde78490f8f3cb532b4b2f17cb3419bbae9ec49226e63cfacb7e54

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
41KB

MD5
564b8c5c60e52fc73f65a73821fbe1e8

SHA1
3bab7c35012ebf82cc1a88eaadb0e66104dd63a6

SHA256
2df2f6ca1feae43069cbdf41f7c62208d0da7b2261d2afb94f8a629a35acbc7f

SHA512
56521636e1ae9a3e76f8ae015d83227fcf396b45e5a1d1122e8e48543e4a34f5ec2fbc23bddde78490f8f3cb532b4b2f17cb3419bbae9ec49226e63cfacb7e54

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
41KB

MD5
564b8c5c60e52fc73f65a73821fbe1e8

SHA1
3bab7c35012ebf82cc1a88eaadb0e66104dd63a6

SHA256
2df2f6ca1feae43069cbdf41f7c62208d0da7b2261d2afb94f8a629a35acbc7f

SHA512
56521636e1ae9a3e76f8ae015d83227fcf396b45e5a1d1122e8e48543e4a34f5ec2fbc23bddde78490f8f3cb532b4b2f17cb3419bbae9ec49226e63cfacb7e54

Download Submit
memory/2984-20-0x0000000000460000-0x0000000000466000-memory.dmp

Filesize
24KB

Download
memory/2984-17-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2984-19-0x0000000000430000-0x0000000000436000-memory.dmp

Filesize
24KB

Download
memory/2984-27-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/3008-3-0x0000000000600000-0x0000000000606000-memory.dmp

Filesize
24KB

Download
memory/3008-15-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/3008-2-0x00000000002D0000-0x00000000002D6000-memory.dmp

Filesize
24KB

Download
memory/3008-14-0x0000000001FA0000-0x0000000001FAF000-memory.dmp

Filesize
60KB

Download
memory/3008-0-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/3008-1-0x00000000002D0000-0x00000000002D6000-memory.dmp

Filesize
24KB

Download