2594165ae89d47e12d0065402bcb4c0e0039c1625b27c244d4c0c012f9131016

Analysis

max time kernel
0s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-01_948239831638734355cc4a47e870899e_cryptolocker.exe
Size

36KB
MD5

948239831638734355cc4a47e870899e
SHA1

ef4beb18af2189a37cf1deea6534a3594501af19
SHA256

2594165ae89d47e12d0065402bcb4c0e0039c1625b27c244d4c0c012f9131016
SHA512

99955c031869cfff97b8d408c6886ba0b74d4818108c1b3ca2f1b607125c2f56f17a32ec77ebefcc7805a8918d721e945e97de522cbc7dbee58481ed49f125d3
SSDEEP

768:TS5nQJ24LR7tOOtEvwDpjGqPhqlcnv0Vei:m5nkFNMOtEvwDpjG8h0Qi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2756	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2148	2024-01-01_948239831638734355cc4a47e870899e_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2756	2148	2024-01-01_948239831638734355cc4a47e870899e_cryptolocker.exe	14
PID 2148 wrote to memory of 2756	2148	2024-01-01_948239831638734355cc4a47e870899e_cryptolocker.exe	14
PID 2148 wrote to memory of 2756	2148	2024-01-01_948239831638734355cc4a47e870899e_cryptolocker.exe	14
PID 2148 wrote to memory of 2756	2148	2024-01-01_948239831638734355cc4a47e870899e_cryptolocker.exe	14

C:\Users\Admin\AppData\Local\Temp\misid.exe
"C:\Users\Admin\AppData\Local\Temp\misid.exe"
1⤵
- Executes dropped EXE
PID:2756

C:\Users\Admin\AppData\Local\Temp\2024-01-01_948239831638734355cc4a47e870899e_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-01_948239831638734355cc4a47e870899e_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
21KB

MD5
af5ec7198ba59d2e12ce45851cdadf6b

SHA1
b313de88b0eb6db33897358ef81ce43a9a96609b

SHA256
739d8ea8027857a562ab5450d096661cc286423507a18bbdcf36f6967024844c

SHA512
9ed0cf0aed58025b3658f88193d5ce7963428ccc64108df1c037482687297036b5ac35814fd1ff0bc39d3f0826511c1a5e390080a7f02336ada29de8dc736ff3

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
2KB

MD5
1ee0af626db382b442b4f38470720294

SHA1
1fc81505776d5249edf778b72a227b136ec83573

SHA256
a4f944f7404a36afd6d39aaa02e11f1567e0d5c49b37a98ad23dc4202e3fdc6e

SHA512
20e7e2cb33070bc503196401b6938ab8619357b166a560d7a89d87dd16a6b7a29558e55f6537864a2f3c155cd40f1215e5a5c8f8869cd3fdbff062e5f0a0fb29

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
25KB

MD5
95302f929c6592654eab452ce68774e3

SHA1
d3910ab73c818f8321a06c9f62d052f05bf9c428

SHA256
744920ddabb8cf52c9ace6698a3dab5120b19a95233baf7f56bace250858cd93

SHA512
af6094a7d9430ab5e34c1632c51f895a4a5ad84dc24a3f9abc27c85940de3387ab602902b8cc9786d0b78238ce545a618a6628e5ecc34fd120fc97cd9d7fd2f6

Download Submit
memory/2148-9-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2148-13-0x0000000002740000-0x000000000274E000-memory.dmp

Filesize
56KB

Download
memory/2148-8-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2148-1-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/2148-0-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2756-26-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2756-19-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2756-17-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2756-27-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download