2594165ae89d47e12d0065402bcb4c0e0039c1625b27c244d4c0c012f9131016

Analysis

max time kernel
0s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2024 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-01_948239831638734355cc4a47e870899e_cryptolocker.exe
Size

36KB
MD5

948239831638734355cc4a47e870899e
SHA1

ef4beb18af2189a37cf1deea6534a3594501af19
SHA256

2594165ae89d47e12d0065402bcb4c0e0039c1625b27c244d4c0c012f9131016
SHA512

99955c031869cfff97b8d408c6886ba0b74d4818108c1b3ca2f1b607125c2f56f17a32ec77ebefcc7805a8918d721e945e97de522cbc7dbee58481ed49f125d3
SSDEEP

768:TS5nQJ24LR7tOOtEvwDpjGqPhqlcnv0Vei:m5nkFNMOtEvwDpjG8h0Qi

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\2024-01-01_948239831638734355cc4a47e870899e_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-01_948239831638734355cc4a47e870899e_cryptolocker.exe"
1⤵
PID:4476
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  PID:4952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
5KB

MD5
88ed638761b0831ab7b1bb0935725065

SHA1
fe0f66ffec1d1501fdf99ba20a1407ffe6378e4e

SHA256
aeb77339a56c612d158cd6c1693184a0df62e179cfda76ff89dce09c758cd81d

SHA512
7f557f17dfd56373764aaedd9345b167c58dca0a53f2b389425fb2eee64317040db76aa9a0aa13431a39e3ba13830f7e9c2f6a2ab0a140490f446e1fd90b6e3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
36KB

MD5
e84011ab7575a2c24b25e0ef332d6dc9

SHA1
0580f9f72b90212708164dd902f052ab4b3d1a8e

SHA256
03ea01b53413961e23ec07afc88b43d3e2a8f9d96bfa74c92db077f7505847ca

SHA512
3c32a3609f5fd185367ae17de44c90534652e97da2c9be6d3a867a57346c0cd65181007734b8e2fde8527bc8159027853b91d350cb8dbe72f2a7f8545e0c9bfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
34KB

MD5
eccca2e8eaf7f40163d09db8851aac89

SHA1
bb6802d70537d18ee947fd791e639351fe41b485

SHA256
ae9aa1f3aac7b02b6f60d7d5a08e1d406f424aefe49fb82fc68a3c68b0bac8eb

SHA512
bbe08289f669919a46ec57ab9e852ea650ca7ff92acbd4ef2ee5afbceb64f79bec52769ab6daf567e1835fc5ce240c6f54b1c9638cfdf030e8430ec7f2624a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\misids.exe

Filesize
315B

MD5
a34ac19f4afae63adc5d2f7bc970c07f

SHA1
a82190fc530c265aa40a045c21770d967f4767b8

SHA256
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

SHA512
42e53d96e5961e95b7a984d9c9778a1d3bd8ee0c87b8b3b515fa31f67c2d073c8565afc2f4b962c43668c4efa1e478da9bb0ecffa79479c7e880731bc4c55765

Download Submit
memory/4476-1-0x0000000002190000-0x0000000002196000-memory.dmp

Filesize
24KB

Download
memory/4476-17-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/4476-0-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/4476-3-0x00000000021B0000-0x00000000021B6000-memory.dmp

Filesize
24KB

Download
memory/4476-2-0x0000000002190000-0x0000000002196000-memory.dmp

Filesize
24KB

Download
memory/4952-20-0x00000000006D0000-0x00000000006D6000-memory.dmp

Filesize
24KB

Download
memory/4952-26-0x00000000006B0000-0x00000000006B6000-memory.dmp

Filesize
24KB

Download
memory/4952-18-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/4952-49-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download