eb6fed345b8b405d12c88028310814e43dd11c6be0b55fdd8d474e2dfed8c69d

Analysis

max time kernel
0s
max time network
49s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 05:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-01-01_1556c8d62b334f19f0ae1cf663dc3961_cryptolocker.exe
Size

124KB
MD5

1556c8d62b334f19f0ae1cf663dc3961
SHA1

c6a5e5ba7c24742706e0d05379bf34fd1f162301
SHA256

eb6fed345b8b405d12c88028310814e43dd11c6be0b55fdd8d474e2dfed8c69d
SHA512

cb8d45bae029e8bbd4dadfb6dacfe38df597485717cac223c226865bf4342e80af80622e6222f2a0f6f8a6da1c8fb246bb7484d2d280171cd4c4f18c218e538b
SSDEEP

1536:vj+jsMQMOtEvwDpj5HwYYTjipvF2hBfIuBKLUYOVbvh//FT:vCjsIOtEvwDpj5H9YvQd2R/

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\2024-01-01_1556c8d62b334f19f0ae1cf663dc3961_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-01_1556c8d62b334f19f0ae1cf663dc3961_cryptolocker.exe"
1⤵
PID:1936
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  PID:3400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
49KB

MD5
a369f89308010f32cc2473e10ef523c9

SHA1
8eb1233706e92619b4a1aee505458f4ab035e2b8

SHA256
b2796c8c1187a402dacf48d2d851f1c4ea07f954f0dfb735202ea1f60a3dd1ab

SHA512
e17271944f98d352d0269453faaf6de0f0fb24750bd83862acaa5fcc4fb6dc43591bd42d5c3ea64f9eddecc9cf090d3b98f7c06b145522fa697521969f0c0413

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
63KB

MD5
8219634960d250b7a1bd523b41f570f1

SHA1
4fc7cfe2447dcb3c61a8386f64eea86551efb422

SHA256
84e7c456fa4011d09916fa271f1f56cd4f45f07814bdb36043355c921623f90d

SHA512
dcb8a4205cfcf85936fc1a0c5638a210224e967efdf035992026866d005ce8cb49cc9f6114750811a5dea4acab1469ca236b4d3033388d8ab8cc68d887a19195

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
79KB

MD5
ed0ec0c7f78b2a6715e8e6fb9b706f8c

SHA1
55f67c8754505a4cba62a162b6bf4975586f2be7

SHA256
9e58ddacdf8657721205b47a4e8ac14036d34b5186f744f83b20295a663a3d66

SHA512
7d76cd0edd50366b7237f9463751af9b00e9d7e9e301d293267487f8651344b9f748c898f143793b68dd27fb74e0dc4ba15b50f4b06dc80b0bc91a6e998152d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\misids.exe

Filesize
315B

MD5
a34ac19f4afae63adc5d2f7bc970c07f

SHA1
a82190fc530c265aa40a045c21770d967f4767b8

SHA256
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

SHA512
42e53d96e5961e95b7a984d9c9778a1d3bd8ee0c87b8b3b515fa31f67c2d073c8565afc2f4b962c43668c4efa1e478da9bb0ecffa79479c7e880731bc4c55765

Download Submit
memory/1936-1-0x00000000006A0000-0x00000000006A6000-memory.dmp

Filesize
24KB

Download
memory/1936-2-0x00000000007D0000-0x00000000007D6000-memory.dmp

Filesize
24KB

Download
memory/1936-0-0x00000000006A0000-0x00000000006A6000-memory.dmp

Filesize
24KB

Download
memory/3400-18-0x00000000005E0000-0x00000000005E6000-memory.dmp

Filesize
24KB

Download
memory/3400-17-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download