5f15563f562297d136f569ade5469bbb21b7a1cfa9c778dae952c13caf0765b4

Analysis

max time kernel
30s
max time network
208s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-01_9b02bf35e7482632329d83235034f3c5_cryptolocker.exe
Size

76KB
MD5

9b02bf35e7482632329d83235034f3c5
SHA1

8e365cf1f10226294f7990130f418ea3d39d3316
SHA256

5f15563f562297d136f569ade5469bbb21b7a1cfa9c778dae952c13caf0765b4
SHA512

de56fb601d5bbafe6d156cf15bde18a83335ae5348d573755ab2ce108dedb23885ac311efda4e27f8fac4fe9ad382b6547ff574e33307012e0dc1d47ac18e145
SSDEEP

768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4U9HueDgaRWDtJgXkeUTn8WIv:vj+jsMQMOtEvwDpj5H8u8rLXkemn7Q

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2976	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2836	2024-01-01_9b02bf35e7482632329d83235034f3c5_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 2976	2836	2024-01-01_9b02bf35e7482632329d83235034f3c5_cryptolocker.exe	16
PID 2836 wrote to memory of 2976	2836	2024-01-01_9b02bf35e7482632329d83235034f3c5_cryptolocker.exe	16
PID 2836 wrote to memory of 2976	2836	2024-01-01_9b02bf35e7482632329d83235034f3c5_cryptolocker.exe	16
PID 2836 wrote to memory of 2976	2836	2024-01-01_9b02bf35e7482632329d83235034f3c5_cryptolocker.exe	16

C:\Users\Admin\AppData\Local\Temp\2024-01-01_9b02bf35e7482632329d83235034f3c5_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-01_9b02bf35e7482632329d83235034f3c5_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
11KB

MD5
67a7c26861f20cbb724aadd564430edf

SHA1
955b93fa4feb767b62f5e7a29063ed29dc5e1e72

SHA256
2fad3bc03a0ead06507d8673a73766cec351e1c38bee493e2ef5bc81d142fa4f

SHA512
0b40d27840cd5ca8fa0ca0345516855c89a7a959f1762bcc7ebca46907589aa0c8f54c312a70e32a9278557942b4584e8d1839f62dd4e5e8aafbaeb772099d92

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
21KB

MD5
998484930c803e5fd5775c34e7504e48

SHA1
c8a7ae4c261e82af92a2ea8726aeb5f306780580

SHA256
d03b452770d2fee4f23cc39759195771412bb11b4b009d1a2b1c8ccf69057c69

SHA512
3b08cd92b2f9f9797bc09442f8402092c6c8524eb0e90920a5f7084ae329daabdea266ec0c4f05f8f755b7f377dad2bcf4f0d35a761c5ac69f6b208d7a8a75a3

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
13KB

MD5
6a0ab4489881f7fb7d1718dd6acb02e5

SHA1
fd1d7a4bb0bbe1947555eb95a7ab51f7fc9e4277

SHA256
13ada67209658428e58b7ddaf5210dcdf6b7f21ca9b7c787ea6988c4726e5ebf

SHA512
2e56f603db7111c6d969f88cccdadc2f2dbde30adcf5f0251510aaef15d09de617b0a767f00be8fff8cd58ce2e946d5e1b34727377bcec9f28fd33dde1d53d12

Download Submit
memory/2836-8-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/2836-1-0x00000000005A0000-0x00000000005A6000-memory.dmp

Filesize
24KB

Download
memory/2836-0-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/2976-22-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2976-15-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download