c874e93506a8ce09a8302993177752d45796bd4669336b8af100b4e523c6c001

Analysis

max time kernel
151s
max time network
158s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 17:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2023-08-26_643e1867a6785140c2dba5a95ef9f40f_cryptolocker_JC.exe
Size

35KB
MD5

643e1867a6785140c2dba5a95ef9f40f
SHA1

26fcde34bdb01e92044d5f68dfb302c8cfb35abd
SHA256

c874e93506a8ce09a8302993177752d45796bd4669336b8af100b4e523c6c001
SHA512

7b5742e9d57b4cc82ad12253c439633164c0f0fc8df4eab3508f2a165693447d377fb0a3d70b094034b1c6e335bc3f49a7ba01cd8b4d6f8217800fd987082652
SSDEEP

768:XS5nQJ24LR1bytOOtEvwDpj66BLbjG9Rq:i5nkFGMOtEvwDpjR+q

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2360	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2188	2023-08-26_643e1867a6785140c2dba5a95ef9f40f_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2360	2188	2023-08-26_643e1867a6785140c2dba5a95ef9f40f_cryptolocker_JC.exe	28
PID 2188 wrote to memory of 2360	2188	2023-08-26_643e1867a6785140c2dba5a95ef9f40f_cryptolocker_JC.exe	28
PID 2188 wrote to memory of 2360	2188	2023-08-26_643e1867a6785140c2dba5a95ef9f40f_cryptolocker_JC.exe	28
PID 2188 wrote to memory of 2360	2188	2023-08-26_643e1867a6785140c2dba5a95ef9f40f_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\2023-08-26_643e1867a6785140c2dba5a95ef9f40f_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2023-08-26_643e1867a6785140c2dba5a95ef9f40f_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
35KB

MD5
59051271e05c2f2eb91323b2ea53ea7a

SHA1
8de504ba9a9f908cbf9224d6820b80ad71ace29d

SHA256
13d38859f4f2ef40d6a163055c36486d56f7e556506f14c191d900feb28ea96d

SHA512
f3d829eeff3840300993e8655957bdccfefc9f8c57259062db005e9c4005edc14b45b032fe31fbf61b3dae3dfec7df67154626ad1985ad4bbb951bc3e92ffc6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
35KB

MD5
59051271e05c2f2eb91323b2ea53ea7a

SHA1
8de504ba9a9f908cbf9224d6820b80ad71ace29d

SHA256
13d38859f4f2ef40d6a163055c36486d56f7e556506f14c191d900feb28ea96d

SHA512
f3d829eeff3840300993e8655957bdccfefc9f8c57259062db005e9c4005edc14b45b032fe31fbf61b3dae3dfec7df67154626ad1985ad4bbb951bc3e92ffc6a

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
35KB

MD5
59051271e05c2f2eb91323b2ea53ea7a

SHA1
8de504ba9a9f908cbf9224d6820b80ad71ace29d

SHA256
13d38859f4f2ef40d6a163055c36486d56f7e556506f14c191d900feb28ea96d

SHA512
f3d829eeff3840300993e8655957bdccfefc9f8c57259062db005e9c4005edc14b45b032fe31fbf61b3dae3dfec7df67154626ad1985ad4bbb951bc3e92ffc6a

Download Submit
memory/2188-0-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2188-1-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2188-2-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download
memory/2188-3-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2188-15-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2188-12-0x00000000006F0000-0x00000000006FF000-memory.dmp

Filesize
60KB

Download
memory/2360-17-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2360-19-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2360-26-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download