841020ab9bd7d3c4439914d49e6de81a4c107de31f677712d16ae9a6c8249dd0

Analysis

max time kernel
147s
max time network
160s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-01_5f0a6afa1e20ff2f385e2311c6aa5541_cryptolocker.exe
Size

60KB
MD5

5f0a6afa1e20ff2f385e2311c6aa5541
SHA1

cb542d2dff19eec386b6c7f81be80d42d35c0077
SHA256

841020ab9bd7d3c4439914d49e6de81a4c107de31f677712d16ae9a6c8249dd0
SHA512

54c556e3d0b46e3987af025fe9ab7bb92870cc3c32cc20f718b7ce668490c15cc764b9cae41c49670a4387f1475105081214a8c4d3cffb3dd20b6e29d9cfc521
SSDEEP

768:zQz7yVEhs9+syJP6ntOOtEvwDpjFelaB7yBEY9Su8F5mLUWL:zj+soPSMOtEvwDpj4kpmeLm5

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2728	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2672	2024-01-01_5f0a6afa1e20ff2f385e2311c6aa5541_cryptolocker.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2672-0-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/2728-17-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x0009000000012252-25.dat	upx
behavioral1/memory/2672-16-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x0009000000012252-15.dat	upx
behavioral1/memory/2672-13-0x00000000026C0000-0x00000000026D0000-memory.dmp	upx
behavioral1/files/0x0009000000012252-11.dat	upx
behavioral1/memory/2728-27-0x0000000000500000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2728	2672	2024-01-01_5f0a6afa1e20ff2f385e2311c6aa5541_cryptolocker.exe	21
PID 2672 wrote to memory of 2728	2672	2024-01-01_5f0a6afa1e20ff2f385e2311c6aa5541_cryptolocker.exe	21
PID 2672 wrote to memory of 2728	2672	2024-01-01_5f0a6afa1e20ff2f385e2311c6aa5541_cryptolocker.exe	21
PID 2672 wrote to memory of 2728	2672	2024-01-01_5f0a6afa1e20ff2f385e2311c6aa5541_cryptolocker.exe	21

C:\Users\Admin\AppData\Local\Temp\2024-01-01_5f0a6afa1e20ff2f385e2311c6aa5541_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-01_5f0a6afa1e20ff2f385e2311c6aa5541_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
5KB

MD5
74cf6327837161a999f3c4c2f2a82607

SHA1
647abc881e9c284bae60cfc764477a143c33b39e

SHA256
357a04ae3916bfca87c99c104f1e0c7d2703a258f490e198f2d15bd155975c77

SHA512
18404caa59283e5f338a98a34fdbaab4cdff1035efe2fb3bcdade0eb0daddafc1cdc38bfd2afac413e4983d2ee57cfb4268d7028db7918197b96363294072107

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
20KB

MD5
28d64e8281b2b598d7cb330b5c78364b

SHA1
06f92e39afff714480e42d34a1f87a2ba2245845

SHA256
0709ea98669b425ddc6d51550e9bf6b546702928dbf41aa711cec6cbbd70a5a8

SHA512
d2ad175552f42e6e1d03fdac021b2facfb5a4d83eb07529d73c7181d7bb744699679180b94331a1f67a1938e1fd5c3349e134502eca6481712bae82158e82a9d

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
5KB

MD5
223f5c4b7e7f5321e698f1bcdbebb245

SHA1
bd1e51f973fcd5a4db64e524163a06a874d6df31

SHA256
f4c72aeac9362d8a17acb583e41a789078bce8aa0614f7bc901f15882323ecc7

SHA512
d382559fe00f2bd2d261f47932c76e5117f8eb2d41639dd0193a15c87e78c05455e6ae37c5c9700f3f4b3b65ba5645849777098f272103a8e04e4154da6210c0

Download Submit
memory/2672-1-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2672-6-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2672-2-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2672-0-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2672-16-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2672-13-0x00000000026C0000-0x00000000026D0000-memory.dmp

Filesize
64KB

Download
memory/2672-26-0x00000000026C0000-0x00000000026D0000-memory.dmp

Filesize
64KB

Download
memory/2728-17-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2728-27-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download