f16625c4e3f69c7e256b726ff4e7b6f8ab7bd9c0353f5344e946f424c0f3587a

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 05:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-01_b1267c3e35c5344156bf336d96f3fc8d_cryptolocker.exe
Size

83KB
MD5

b1267c3e35c5344156bf336d96f3fc8d
SHA1

fda23e5954aa8dcc51e653fd56ac4fb2ed43cc7c
SHA256

f16625c4e3f69c7e256b726ff4e7b6f8ab7bd9c0353f5344e946f424c0f3587a
SHA512

deda3db708456d193ed90e9f168fd51e1896a4609c7e62504a378b121615ec663925b0ae14a48a0a4ad0fe64250f874ab64c9defa7fe76ef6edf5a1cd7ead4e0
SSDEEP

1536:vj+jsMQMOtEvwDpj5H8u8rBN6nqEZNi1zzs:vCjsIOtEvwDpj5H8zPK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2876	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2436	2024-01-01_b1267c3e35c5344156bf336d96f3fc8d_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2876	2436	2024-01-01_b1267c3e35c5344156bf336d96f3fc8d_cryptolocker.exe	28
PID 2436 wrote to memory of 2876	2436	2024-01-01_b1267c3e35c5344156bf336d96f3fc8d_cryptolocker.exe	28
PID 2436 wrote to memory of 2876	2436	2024-01-01_b1267c3e35c5344156bf336d96f3fc8d_cryptolocker.exe	28
PID 2436 wrote to memory of 2876	2436	2024-01-01_b1267c3e35c5344156bf336d96f3fc8d_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-01-01_b1267c3e35c5344156bf336d96f3fc8d_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-01_b1267c3e35c5344156bf336d96f3fc8d_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
84KB

MD5
ecadc36b55ed7dc7d628f90a43129684

SHA1
8b085bb9e9860ff159913de47271bb4e672445b1

SHA256
33aa88e4e6109c74874f8951fcc9b88d0ba248a38665afd2f5e469d4cbc022e3

SHA512
fb46e2aaa2d3b6c88242b15bf782898420540f0bc4482052ad53a9a34cd243521f125b8861413c98f9c6e1b4facd7f867cf0129d6414fcb204370bdd3323e11b

Download Submit
memory/2436-0-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/2436-1-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/2436-2-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/2876-15-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2876-22-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download