c0431730dabc94556423d1f2a06cfcdc2d33309a9c7dfca6ac6f7f19eb21cb6b

Analysis

max time kernel
135s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 05:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-09_0f789f34a5f06f3837094b17cd958877_cryptolocker.exe
Size

42KB
MD5

0f789f34a5f06f3837094b17cd958877
SHA1

f24032998a14c14db96bd01fc4c916546a48111c
SHA256

c0431730dabc94556423d1f2a06cfcdc2d33309a9c7dfca6ac6f7f19eb21cb6b
SHA512

fdc32a95fb4c596155d39f1247e59fa9d957a4b99b2ac662f4a66c1fcf1457784bfc8554f15fb2dca4cdd593e16725df92484fa8e5793fdd6fbddf89cafbc694
SSDEEP

768:6Qz7yVEhs9+4OR7tOOtEvwDpjLHqPhbCi44Ct:6j+1NMOtEvwDpjr8dx45

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2796	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
3044	2024-01-09_0f789f34a5f06f3837094b17cd958877_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2796	3044	2024-01-09_0f789f34a5f06f3837094b17cd958877_cryptolocker.exe	28
PID 3044 wrote to memory of 2796	3044	2024-01-09_0f789f34a5f06f3837094b17cd958877_cryptolocker.exe	28
PID 3044 wrote to memory of 2796	3044	2024-01-09_0f789f34a5f06f3837094b17cd958877_cryptolocker.exe	28
PID 3044 wrote to memory of 2796	3044	2024-01-09_0f789f34a5f06f3837094b17cd958877_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-01-09_0f789f34a5f06f3837094b17cd958877_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-09_0f789f34a5f06f3837094b17cd958877_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
43KB

MD5
002d7d87d6291014e1e5c5e5eb46bbf5

SHA1
a4dd58abd8f29f4320209c9ef175e71fbcdc9146

SHA256
4242042ce8ca669e3a5f69e48455845911e717fe6ff27ad913475ebd6dda5394

SHA512
53c6d4abde673053fc445a2bb0f3535b9a5fadd6a480e4553da0fffff5bb493b5b3e843e94ab50442d6b2b8403a13d4f77d58905f7d5a4947465683384ae6144

Download Submit
memory/2796-17-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2796-18-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2796-20-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2796-26-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/3044-0-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/3044-1-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/3044-3-0x0000000000350000-0x0000000000356000-memory.dmp

Filesize
24KB

Download
memory/3044-2-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/3044-15-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download