244e44c629c20f3c682e977eeaa30d177291a32a64bfa5e283f45ba0eb48deb9

Analysis

max time kernel
0s
max time network
151s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 06:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-01-08_87ffb9cb23c24d2bd28371be04755535_cryptolocker.exe
Size

121KB
MD5

87ffb9cb23c24d2bd28371be04755535
SHA1

36a71661923515afbfbda2d218c907222b9ad9f6
SHA256

244e44c629c20f3c682e977eeaa30d177291a32a64bfa5e283f45ba0eb48deb9
SHA512

65bd8f1cbd9e53b7af85d79bf6a22b32ea459e0e4847018a5b6da79d3a40131bc9ddb4f31210143e0c606f2295d9bbb8bb12956b1cf98066cd212f317fe27290
SSDEEP

768:gUQz7yVEhs9+4T/1bytOOtEvwDpjNbZ7uyA36S7MpxRIIXVe3mU9TYwlOBTZe:gUj+AIMOtEvwDpjNbwQEIPlemUhYpe

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3000	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
3044	2024-01-08_87ffb9cb23c24d2bd28371be04755535_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 3000	3044	2024-01-08_87ffb9cb23c24d2bd28371be04755535_cryptolocker.exe	14
PID 3044 wrote to memory of 3000	3044	2024-01-08_87ffb9cb23c24d2bd28371be04755535_cryptolocker.exe	14
PID 3044 wrote to memory of 3000	3044	2024-01-08_87ffb9cb23c24d2bd28371be04755535_cryptolocker.exe	14
PID 3044 wrote to memory of 3000	3044	2024-01-08_87ffb9cb23c24d2bd28371be04755535_cryptolocker.exe	14

C:\Users\Admin\AppData\Local\Temp\misid.exe
"C:\Users\Admin\AppData\Local\Temp\misid.exe"
1⤵
- Executes dropped EXE
PID:3000

C:\Users\Admin\AppData\Local\Temp\2024-01-08_87ffb9cb23c24d2bd28371be04755535_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-08_87ffb9cb23c24d2bd28371be04755535_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
6KB

MD5
8c7a2e38b3ce6d91eb5649ea6b6ca6cb

SHA1
3cd0e57c4a94c7234992b5604f2b7224eb7fa0a0

SHA256
8eb85c92b133df27e2773849199483db9b639b81d9e0b529cbcd99bebd668304

SHA512
3ffcdec9332750ea546b85917b5e7e8d053570a9bcccda05aec4889c94837dd423e4ed2ccf1c62913a169f21502649a9b74d0bbd677e19c1aaecf377a5f646c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
27KB

MD5
5e2290819cc696a5ef1b228adc2eb99f

SHA1
becb81fb56f414855b9bef33386fda165a899216

SHA256
5ad1630fca844016f8a6be95e2dc32dd0d9301a236f95815d4bd9c38f66da8b1

SHA512
b48493400bd94bd7a54713aed75eca8d1a031408e01e7676f8ee2dee4845491e683bab08e2e34413d8543f62c6962bc6c36b4d1e07e7ca6cac223d64bd97da20

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
1KB

MD5
c1087956c7b4158df9827c54c781199e

SHA1
88a832d49d7cb7af72e6575f703983c056c25290

SHA256
6cf02530ed636f99f4575fd2ceaafb8fea996fd966279d1f2ccd3f41a2abda61

SHA512
3f5afe9828c540f03b61d71ec95ca862610b8ac20c4182e665bc54e2ce6a298c4464d4686463c3af0acb03cf4edfd0a8784b7be03b531c03bc02219622856c81

Download Submit
memory/3000-15-0x0000000000310000-0x0000000000316000-memory.dmp

Filesize
24KB

Download
memory/3000-18-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/3044-8-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/3044-1-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/3044-0-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download