643a40cd79020161c7657692ed66360eb8b7707c3fb51b4e0b612c15cf737f13

Analysis

max time kernel
160s
max time network
171s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 06:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-08_67ca89f170621adf48fcfe7c773b7d99_cryptolocker.exe
Size

47KB
MD5

67ca89f170621adf48fcfe7c773b7d99
SHA1

6faef9c67eee05aef63907b4f8b23a4854db9589
SHA256

643a40cd79020161c7657692ed66360eb8b7707c3fb51b4e0b612c15cf737f13
SHA512

7949b7695f4bf9796e18f9560d43956e4655808feaa7f76d7fd774647b4ec563028032b662c615c582ecac7f5973a87b9aa89888b1da3852a75ffcf61283c288
SSDEEP

768:bIDOw9UiaCHfjnE0Sf88AvvP1oghYvm9/6D8jnPxyV4tFVgQn:bIDOw9a0Dwo3P1ojvUSD4PRtFVge

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2788	lossy.exe

Loads dropped DLL 1 IoCs

pid	Process
2080	2024-01-08_67ca89f170621adf48fcfe7c773b7d99_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2788	2080	2024-01-08_67ca89f170621adf48fcfe7c773b7d99_cryptolocker.exe	27
PID 2080 wrote to memory of 2788	2080	2024-01-08_67ca89f170621adf48fcfe7c773b7d99_cryptolocker.exe	27
PID 2080 wrote to memory of 2788	2080	2024-01-08_67ca89f170621adf48fcfe7c773b7d99_cryptolocker.exe	27
PID 2080 wrote to memory of 2788	2080	2024-01-08_67ca89f170621adf48fcfe7c773b7d99_cryptolocker.exe	27

C:\Users\Admin\AppData\Local\Temp\2024-01-08_67ca89f170621adf48fcfe7c773b7d99_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-08_67ca89f170621adf48fcfe7c773b7d99_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Users\Admin\AppData\Local\Temp\lossy.exe
  "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
  2⤵
  - Executes dropped EXE
  PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
47KB

MD5
91fc2b5061b458511b7e3d45572ba650

SHA1
d466d7dbac3858b63c1e48a127d8f34bfe5c4c7f

SHA256
ff1d3c117a07e42148fc7895a227864e885c0581c1c2bde3f58622a88b000fff

SHA512
51095c60a947eee20cf0234f7e3491a735b8f27f8f8e7823cf38f1b007eabf8143aeb10e3fe32bd873db23ac1eb0949ac45a11061c497f825d54c75f097ade9a

Download Submit
memory/2080-0-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2080-1-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2080-2-0x0000000000330000-0x0000000000336000-memory.dmp

Filesize
24KB

Download
memory/2788-15-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/2788-17-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download