0d4a5fb104abfb9a3c20b82f1a3ee28b5aef42fca7dea8ea40b8e841e78cab69

Analysis

max time kernel
150s
max time network
169s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 12:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-01-06_077ab48df81f40702cd0096b47f7ec2c_cryptolocker.exe
Size

39KB
MD5

077ab48df81f40702cd0096b47f7ec2c
SHA1

3029a8b5d2c3107b8051199e7d2fae276e9b2ce2
SHA256

0d4a5fb104abfb9a3c20b82f1a3ee28b5aef42fca7dea8ea40b8e841e78cab69
SHA512

83199f4399ce60d3e6356ec561b68912ebc3e913bf9ace454d65b7f7cfa6082bd68a39f3c11e6c5992240be61ecffc5ce9e2da597a946760f576114532f320e1
SSDEEP

768:bIDOw9UiaCHfjnE0Sf88AvvP1oghYvm9/6DyUZE:bIDOw9a0Dwo3P1ojvUSDhZE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3032	lossy.exe

Loads dropped DLL 1 IoCs

pid	Process
2252	2024-01-06_077ab48df81f40702cd0096b47f7ec2c_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 3032	2252	2024-01-06_077ab48df81f40702cd0096b47f7ec2c_cryptolocker.exe	28
PID 2252 wrote to memory of 3032	2252	2024-01-06_077ab48df81f40702cd0096b47f7ec2c_cryptolocker.exe	28
PID 2252 wrote to memory of 3032	2252	2024-01-06_077ab48df81f40702cd0096b47f7ec2c_cryptolocker.exe	28
PID 2252 wrote to memory of 3032	2252	2024-01-06_077ab48df81f40702cd0096b47f7ec2c_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-01-06_077ab48df81f40702cd0096b47f7ec2c_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-06_077ab48df81f40702cd0096b47f7ec2c_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Users\Admin\AppData\Local\Temp\lossy.exe
  "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
  2⤵
  - Executes dropped EXE
  PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
40KB

MD5
62add6f6da9bd5e803978bb60ea6c4b5

SHA1
2e2242d7ca04b6ce15ea885525de9fb75d2358e4

SHA256
9a3c31957d438827a933e25d47f8b8d37275906bead9a5483bd6f7c19fe240da

SHA512
84d778a12e52eec65daec3bc41a8559ec76ae9c1035d4cb39b5710d2eb96124b49dbf8d5fac22074cc8553c28caa4d1bc394fd42bca364e6b5c193408e10dbc1

Download Submit
memory/2252-0-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2252-1-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2252-6-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/3032-15-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download