da2159f9a409cb80d35f87a39ee8a0ad4d7e62330032f5b2873b29b1c56307e7

Analysis

max time kernel
135s
max time network
147s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 17:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2023-08-26_578d8d2d0e1c52bc287341ab76dcaea3_cryptolocker_JC.exe
Size

33KB
MD5

578d8d2d0e1c52bc287341ab76dcaea3
SHA1

bf35e36ecd5abc8d484c9622093a4f62fc8d64c2
SHA256

da2159f9a409cb80d35f87a39ee8a0ad4d7e62330032f5b2873b29b1c56307e7
SHA512

e71f800d094ddb547dadeeb38d64250619337c6ada7ce51809f67ffc053ad6b4659c6b3262b1d5553e059b6e75bb80e0c3a9889e8467ee692b99f53d214edff8
SSDEEP

384:bmM0V/YPvnr801TRoUGPh4TKt6ATt1DqgPa3s/zzoi0WlLYZAM9BWixN9xX:b7o/2n1TCraU6GD1a4X0WlK59xfxX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2052	rewok.exe

Loads dropped DLL 1 IoCs

pid	Process
2972	2023-08-26_578d8d2d0e1c52bc287341ab76dcaea3_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2972	2023-08-26_578d8d2d0e1c52bc287341ab76dcaea3_cryptolocker_JC.exe
2052	rewok.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2052	2972	2023-08-26_578d8d2d0e1c52bc287341ab76dcaea3_cryptolocker_JC.exe	28
PID 2972 wrote to memory of 2052	2972	2023-08-26_578d8d2d0e1c52bc287341ab76dcaea3_cryptolocker_JC.exe	28
PID 2972 wrote to memory of 2052	2972	2023-08-26_578d8d2d0e1c52bc287341ab76dcaea3_cryptolocker_JC.exe	28
PID 2972 wrote to memory of 2052	2972	2023-08-26_578d8d2d0e1c52bc287341ab76dcaea3_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\2023-08-26_578d8d2d0e1c52bc287341ab76dcaea3_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2023-08-26_578d8d2d0e1c52bc287341ab76dcaea3_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Users\Admin\AppData\Local\Temp\rewok.exe
  "C:\Users\Admin\AppData\Local\Temp\rewok.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rewok.exe

Filesize
33KB

MD5
c93d8dfb8c907bfa079745406df730c1

SHA1
89f3557a235bdb25ae7091aa0d29a3c8ac67df55

SHA256
f1139be483cbd800f3c265d2bded8f3d19c6037b03f846c14caaafc3006f3c7a

SHA512
d78960b0edefc2039abdd258cdde74b8f47fb5c57849a1ceb3093e53f5a6173612f9edcb1f3ebc5571f7e2f112ee7f7cee63a78a5114286bc58fbc36175a5540

Download Submit
C:\Users\Admin\AppData\Local\Temp\rewok.exe

Filesize
33KB

MD5
c93d8dfb8c907bfa079745406df730c1

SHA1
89f3557a235bdb25ae7091aa0d29a3c8ac67df55

SHA256
f1139be483cbd800f3c265d2bded8f3d19c6037b03f846c14caaafc3006f3c7a

SHA512
d78960b0edefc2039abdd258cdde74b8f47fb5c57849a1ceb3093e53f5a6173612f9edcb1f3ebc5571f7e2f112ee7f7cee63a78a5114286bc58fbc36175a5540

Download Submit
\Users\Admin\AppData\Local\Temp\rewok.exe

Filesize
33KB

MD5
c93d8dfb8c907bfa079745406df730c1

SHA1
89f3557a235bdb25ae7091aa0d29a3c8ac67df55

SHA256
f1139be483cbd800f3c265d2bded8f3d19c6037b03f846c14caaafc3006f3c7a

SHA512
d78960b0edefc2039abdd258cdde74b8f47fb5c57849a1ceb3093e53f5a6173612f9edcb1f3ebc5571f7e2f112ee7f7cee63a78a5114286bc58fbc36175a5540

Download Submit
memory/2052-16-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/2972-0-0x0000000000350000-0x0000000000356000-memory.dmp

Filesize
24KB

Download
memory/2972-1-0x0000000000350000-0x0000000000356000-memory.dmp

Filesize
24KB

Download
memory/2972-2-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download