ffa8c81700812567152a5431b58b3bb4d2bf0a9ad533cb58576d75b0ced36845

Analysis

max time kernel
238s
max time network
274s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07-01-2024 12:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-06_722b2f49e2155350eb43c9e51494a173_cryptolocker.exe
Size

80KB
MD5

722b2f49e2155350eb43c9e51494a173
SHA1

8073c8ebb780cf0fd288745a654752d4d217b976
SHA256

ffa8c81700812567152a5431b58b3bb4d2bf0a9ad533cb58576d75b0ced36845
SHA512

059c1d3c1e6fb11cad74c2bc9c7eec2b2316147c9fa08c17674c752694d4d64b2eabce9e798597f45a44e1a8ecd40fd3a2c6f5f4e06484511e2a3ec92eb8a5c3
SSDEEP

1536:vj+jsMQMOtEvwDpj5HwYYTjipvF2hBfWafHNBf:vCjsIOtEvwDpj5H9YvQd2n

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3016	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
3032	2024-01-06_722b2f49e2155350eb43c9e51494a173_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 3016	3032	2024-01-06_722b2f49e2155350eb43c9e51494a173_cryptolocker.exe	27
PID 3032 wrote to memory of 3016	3032	2024-01-06_722b2f49e2155350eb43c9e51494a173_cryptolocker.exe	27
PID 3032 wrote to memory of 3016	3032	2024-01-06_722b2f49e2155350eb43c9e51494a173_cryptolocker.exe	27
PID 3032 wrote to memory of 3016	3032	2024-01-06_722b2f49e2155350eb43c9e51494a173_cryptolocker.exe	27

C:\Users\Admin\AppData\Local\Temp\2024-01-06_722b2f49e2155350eb43c9e51494a173_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-06_722b2f49e2155350eb43c9e51494a173_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
80KB

MD5
36dcc14bf9c0240f5fc8f7da89f3b9a0

SHA1
78b1b27de29428c9f527417e37d839a5e341d671

SHA256
83c746277ffc71ea7b894076ceb53a8112ffb26d9165762ab0dd93d64bc77468

SHA512
3efefc3516a344114321f434b2c1897ff8b63a03ff4e1399fefa40ea86b8f14a1b77d60b440df267aec33708f51f64d38453e9dbdb48e60ef878579da2eea24e

Download Submit
memory/3016-16-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download
memory/3016-15-0x0000000000440000-0x0000000000446000-memory.dmp

Filesize
24KB

Download
memory/3032-0-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/3032-1-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/3032-2-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download