dfe888298a125bea09a3d2346780ec10e0cf74c4ef8f9cc762639a6f7c0a082f

Analysis

max time kernel
0s
max time network
143s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 06:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-01-08_cc5bfd300ae306af3504c1d7a8ddd1e0_cryptolocker.exe
Size

98KB
MD5

cc5bfd300ae306af3504c1d7a8ddd1e0
SHA1

b2d0759e69124501d24bae2094b4578421209d42
SHA256

dfe888298a125bea09a3d2346780ec10e0cf74c4ef8f9cc762639a6f7c0a082f
SHA512

945610963066951978d1206d98e026ceb9530081701bbbb71025b2e0d8c17f434102ab29dc9caa8adaa5fc5e78afabb04271b90089f77319fc21672668c82a71
SSDEEP

768:XS5nQJ24LR1bytOOtEvwDpjNbZ7uyA36S7MpxRiWjzbJ:i5nkFGMOtEvwDpjNbwQEIikZ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3008	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2652	2024-01-08_cc5bfd300ae306af3504c1d7a8ddd1e0_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 3008	2652	2024-01-08_cc5bfd300ae306af3504c1d7a8ddd1e0_cryptolocker.exe	14
PID 2652 wrote to memory of 3008	2652	2024-01-08_cc5bfd300ae306af3504c1d7a8ddd1e0_cryptolocker.exe	14
PID 2652 wrote to memory of 3008	2652	2024-01-08_cc5bfd300ae306af3504c1d7a8ddd1e0_cryptolocker.exe	14
PID 2652 wrote to memory of 3008	2652	2024-01-08_cc5bfd300ae306af3504c1d7a8ddd1e0_cryptolocker.exe	14

C:\Users\Admin\AppData\Local\Temp\misid.exe
"C:\Users\Admin\AppData\Local\Temp\misid.exe"
1⤵
- Executes dropped EXE
PID:3008

C:\Users\Admin\AppData\Local\Temp\2024-01-08_cc5bfd300ae306af3504c1d7a8ddd1e0_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-08_cc5bfd300ae306af3504c1d7a8ddd1e0_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
98KB

MD5
c3c360901469ac879cc157b96e083985

SHA1
b0ddde720725c3f45a06536c72355c3386829330

SHA256
8bf598495877015e5122b22258314cc5b0681dd12d618ca7d7f43afdbf81f030

SHA512
a1296ab7176381f0d813ba0fb5542f1d8e44a6ae67000aeb1bcc1a348c34e84b12b9ed5c1af29e893b228e1704e57420acdfd1a38858a7248b3da056378ad151

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
31KB

MD5
5387675149e76784db95ca8599e615b3

SHA1
a500f7a99f69ff88b3f26a4a30456ac1a3ae7193

SHA256
0c4fe16ab6a595e0a6248be3e15e4b8e57798110fcf011fd47236d1b9041b3f5

SHA512
490a18f13c5a86fbcea4cb5e7824b94904a2e38fcad4d55003f3703465945d4e71d8bef4814276ad0fbc98384319376b885266b91a1e670c0c4575d204bbb7dc

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
15KB

MD5
e9fc630e706d89fd54acfc49c7fbf89e

SHA1
044a98ef86f2f232d00bf1818c8193e0438fae14

SHA256
5d6401d3e058ddb66189ec69f6eb3471d915a5f6f075912b9f8d1cb2384da580

SHA512
16fac9426c0c3290c72241896fd26a7855f7c8026d4d68044b0fd2dffa4494005001f26890c685bd1be51717d0472bb44094d8c1d696a6db9251f7eef9a0dfa2

Download Submit
memory/2652-9-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/2652-13-0x0000000000640000-0x000000000064F000-memory.dmp

Filesize
60KB

Download
memory/2652-8-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2652-1-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download
memory/2652-0-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/3008-26-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/3008-19-0x0000000000600000-0x0000000000606000-memory.dmp

Filesize
24KB

Download
memory/3008-17-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/3008-27-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download