a4e77de48cb257e40955d0a2fac9846051443f27abee2304d4963378fa2fb2c5

Analysis

max time kernel
147s
max time network
153s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 05:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-01_83803cd17826a3417224b42f74f10167_cryptolocker.exe
Size

45KB
MD5

83803cd17826a3417224b42f74f10167
SHA1

86211769eb9eda31d96d321ef7eafa16c99a0af1
SHA256

a4e77de48cb257e40955d0a2fac9846051443f27abee2304d4963378fa2fb2c5
SHA512

ec6f95a6463646ca30662e0f708e54415f613d0bb8af74af411139b1b42cc13cffb916512f901501d80715bb3141eb58b655db9fb03ae7103acac57d436abba2
SSDEEP

768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4/Uth8igNrr46xdUU/Fj5:vj+jsMQMOtEvwDpj5Hczer5iU

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2684	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2124	2024-01-01_83803cd17826a3417224b42f74f10167_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2684	2124	2024-01-01_83803cd17826a3417224b42f74f10167_cryptolocker.exe	17
PID 2124 wrote to memory of 2684	2124	2024-01-01_83803cd17826a3417224b42f74f10167_cryptolocker.exe	17
PID 2124 wrote to memory of 2684	2124	2024-01-01_83803cd17826a3417224b42f74f10167_cryptolocker.exe	17
PID 2124 wrote to memory of 2684	2124	2024-01-01_83803cd17826a3417224b42f74f10167_cryptolocker.exe	17

C:\Users\Admin\AppData\Local\Temp\2024-01-01_83803cd17826a3417224b42f74f10167_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-01_83803cd17826a3417224b42f74f10167_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
45KB

MD5
6914a6cf43e27109237032668c7fffec

SHA1
3b3e57bee0061c5e0c4a274f6ad9554ac8247671

SHA256
b05a27a14252f7aa4a52df9dcc27117f6d7f1e648be501700772fa71d90f8c4d

SHA512
4342dfe68a369dc3d514d5f30f70fb433ceddb063cc622d5f10ea14447294bf6a0720de152bda7fa24bd4e0819063fef448fd5b21cf36d60f74b7b8ef9f64270

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
1KB

MD5
9c0406814ff079adf3d8ecc452ddcd3e

SHA1
82a82d757cef5f4ed48bc8e55766935b5cbca7d0

SHA256
c4cc532f59680a11ee6cdfee2497f86f713df4cbfd980b9ba1c626a476245b10

SHA512
d3d81462436e426906ca56dbb2e1f797f3711a576983e915dd7a66e62be0f5c38b3364c2f10d052a35299e312f63b56c4d7211e93960b8ad7c8c7b93f7764811

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
45KB

MD5
1e8cb75e534cf5b339de2030b6dffb08

SHA1
c4d430c6b11e47aa9b34c2533af15382297e2927

SHA256
272bb641afff5f431a67a744a44bf25e1208861aff351efeb2971dee829adaac

SHA512
f9a9516b7c10ea1b152898b49e759dfae1e322930ff6519e7e1a41eedc9285540c7313788cf8fc99b9e816dfafe938a990e97531d544ea06398a1ce918cd954e

Download Submit
memory/2124-1-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/2124-2-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2124-0-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2684-15-0x00000000003B0000-0x00000000003B6000-memory.dmp

Filesize
24KB

Download
memory/2684-19-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download