91e7214afaf87009ab4b2b136c3fd6017cec580ed44fae084c39496bc51e83fb

Analysis

max time kernel
145s
max time network
151s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 20:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2023-08-25_e37cfcbd8604ee63247e12b05c0df5fe_cryptolocker_JC.exe
Size

75KB
MD5

e37cfcbd8604ee63247e12b05c0df5fe
SHA1

6add963a2b58ffc0ec392cc2025e7a07f0bc81c2
SHA256

91e7214afaf87009ab4b2b136c3fd6017cec580ed44fae084c39496bc51e83fb
SHA512

e7f98d8100f9dfa2ce69f643537bb0f8f36c7209a5bb0cf9a62b73023c130ce72e870fcf5e1931f7b8d8cf06bb044d63888dc4579cbc01ef06682316ef55f3f2
SSDEEP

1536:vj+jsMQMOtEvwDpj5HwYYTjipvF2hBfWa1:vCjsIOtEvwDpj5H9YvQd2Z

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2212	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2260	2023-08-25_e37cfcbd8604ee63247e12b05c0df5fe_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 2212	2260	2023-08-25_e37cfcbd8604ee63247e12b05c0df5fe_cryptolocker_JC.exe	28
PID 2260 wrote to memory of 2212	2260	2023-08-25_e37cfcbd8604ee63247e12b05c0df5fe_cryptolocker_JC.exe	28
PID 2260 wrote to memory of 2212	2260	2023-08-25_e37cfcbd8604ee63247e12b05c0df5fe_cryptolocker_JC.exe	28
PID 2260 wrote to memory of 2212	2260	2023-08-25_e37cfcbd8604ee63247e12b05c0df5fe_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\2023-08-25_e37cfcbd8604ee63247e12b05c0df5fe_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2023-08-25_e37cfcbd8604ee63247e12b05c0df5fe_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
75KB

MD5
a6ce1217f6e7fb8420d1168d35226445

SHA1
1912b2446b37513e20e1a27bfeae5eeefc37b225

SHA256
c934c89867b1a2a343b8714327d208ca925ee7bb7cbe48f44fb8f33283f7597c

SHA512
22b46d0715419e86e93d01aafd7e2dba4353cadf89a3a741a9780e953620c9f9e19c2c511ebbd17bc027d69a60d9310b650c3906314ed1e04246baa700ec71cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
75KB

MD5
a6ce1217f6e7fb8420d1168d35226445

SHA1
1912b2446b37513e20e1a27bfeae5eeefc37b225

SHA256
c934c89867b1a2a343b8714327d208ca925ee7bb7cbe48f44fb8f33283f7597c

SHA512
22b46d0715419e86e93d01aafd7e2dba4353cadf89a3a741a9780e953620c9f9e19c2c511ebbd17bc027d69a60d9310b650c3906314ed1e04246baa700ec71cb

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
75KB

MD5
a6ce1217f6e7fb8420d1168d35226445

SHA1
1912b2446b37513e20e1a27bfeae5eeefc37b225

SHA256
c934c89867b1a2a343b8714327d208ca925ee7bb7cbe48f44fb8f33283f7597c

SHA512
22b46d0715419e86e93d01aafd7e2dba4353cadf89a3a741a9780e953620c9f9e19c2c511ebbd17bc027d69a60d9310b650c3906314ed1e04246baa700ec71cb

Download Submit
memory/2212-15-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2212-16-0x0000000000330000-0x0000000000336000-memory.dmp

Filesize
24KB

Download
memory/2260-0-0x0000000000440000-0x0000000000446000-memory.dmp

Filesize
24KB

Download
memory/2260-1-0x0000000000440000-0x0000000000446000-memory.dmp

Filesize
24KB

Download
memory/2260-2-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download