7728e97bfce305d133e63a9ba7a3d2df28e6ba0338e7aeb7ad0f1ac4731ada5c

Analysis

max time kernel
150s
max time network
173s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
31/10/2023, 17:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.2023-09-05_afc556ce4494e85102c656b7ce66c7fd_cryptolocker_JC.exe
Size

44KB
MD5

afc556ce4494e85102c656b7ce66c7fd
SHA1

e061ea505ac49cbb65d2cbce1f29173b1a8cb7f6
SHA256

7728e97bfce305d133e63a9ba7a3d2df28e6ba0338e7aeb7ad0f1ac4731ada5c
SHA512

3a6a893191fcccebf1c5b616f357c6430ff87afb2c4385c92f4b493f74d226b826f4cf50b5f7f5c3af45852eb07c1e57cc19f93ba068a31b69e4975357a9dc49
SSDEEP

768:xQz7yVEhs9+4uR1bytOOtEvwDpjWE6BLtld5:xj+VGMOtEvwDpjk/5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2588	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2460	NEAS.2023-09-05_afc556ce4494e85102c656b7ce66c7fd_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2588	2460	NEAS.2023-09-05_afc556ce4494e85102c656b7ce66c7fd_cryptolocker_JC.exe	28
PID 2460 wrote to memory of 2588	2460	NEAS.2023-09-05_afc556ce4494e85102c656b7ce66c7fd_cryptolocker_JC.exe	28
PID 2460 wrote to memory of 2588	2460	NEAS.2023-09-05_afc556ce4494e85102c656b7ce66c7fd_cryptolocker_JC.exe	28
PID 2460 wrote to memory of 2588	2460	NEAS.2023-09-05_afc556ce4494e85102c656b7ce66c7fd_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-05_afc556ce4494e85102c656b7ce66c7fd_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-05_afc556ce4494e85102c656b7ce66c7fd_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
44KB

MD5
c6ae6f2eaa1fa8339fc458b1a30dc63f

SHA1
7044eedf89dc906f39addd698b06da5b3537c7ba

SHA256
338b54963e35b862ca9c4847a112ffb83882074418d96238cec6c5124ff6895f

SHA512
5b607ec75c8ba0ee60482d2afbdb03df818c45c162f460c98afc43d6bb0b82818dc2f07902b04fb14f24ef6bd0dcefb5febe8923b5024cf61bde2486320c6aad

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
44KB

MD5
c6ae6f2eaa1fa8339fc458b1a30dc63f

SHA1
7044eedf89dc906f39addd698b06da5b3537c7ba

SHA256
338b54963e35b862ca9c4847a112ffb83882074418d96238cec6c5124ff6895f

SHA512
5b607ec75c8ba0ee60482d2afbdb03df818c45c162f460c98afc43d6bb0b82818dc2f07902b04fb14f24ef6bd0dcefb5febe8923b5024cf61bde2486320c6aad

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
44KB

MD5
c6ae6f2eaa1fa8339fc458b1a30dc63f

SHA1
7044eedf89dc906f39addd698b06da5b3537c7ba

SHA256
338b54963e35b862ca9c4847a112ffb83882074418d96238cec6c5124ff6895f

SHA512
5b607ec75c8ba0ee60482d2afbdb03df818c45c162f460c98afc43d6bb0b82818dc2f07902b04fb14f24ef6bd0dcefb5febe8923b5024cf61bde2486320c6aad

Download Submit
memory/2460-0-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2460-1-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2460-3-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2460-2-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download
memory/2460-15-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2588-16-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2588-18-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2588-19-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download
memory/2588-26-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download