f66ba2bb916b6ac96ebe6e5cc3e38faec5ab39bd1f1df67d8f179ce2617242a2

Analysis

max time kernel
0s
max time network
91s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 05:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-01-09_453af1a1bf6b7904e76224fedcb1063c_cryptolocker.exe
Size

62KB
MD5

453af1a1bf6b7904e76224fedcb1063c
SHA1

9143ae595acea3687e54bc348be75aa3bfd6fe04
SHA256

f66ba2bb916b6ac96ebe6e5cc3e38faec5ab39bd1f1df67d8f179ce2617242a2
SHA512

847d466a0d68f049f5a73f563046f19193240fc11ca205d7c7fb3c3c247118946508b2b4a59b3e060d804c858ee20393d0bf9cace9b63bd4d4e293c165c0e845
SSDEEP

768:6Qz7yVEhs9+4OR7tOOtEvwDpjLHqPOYRmNxt5I52kGEpE0P/t:6j+1NMOtEvwDpjr8ox8UDEpN/t

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\2024-01-09_453af1a1bf6b7904e76224fedcb1063c_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-09_453af1a1bf6b7904e76224fedcb1063c_cryptolocker.exe"
1⤵
PID:4032
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  PID:4472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
1KB

MD5
f36b41fe438e721be3491ddc7e3a3697

SHA1
3996f1c8c612dc0959bbcbab5d4346616d993958

SHA256
698cfbdb818ece01e0ebce182008e24bdf14271427477e4f88deed166cb63a94

SHA512
9300d32e21831aa7a7b7b81a32a0de30476839d7b2686671280995126eacfa7649b859041a42fdb6718e31a45ebf314f481b50042753a361ad38b54b165738c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
5KB

MD5
b9b559e3fb935d65dd1d000dafaa34c2

SHA1
3ed5a01b3df029dd8fe763510854f266095ad7b0

SHA256
fab620d64627fc97b64f6f240cc1ac4eb18ea81e861a16b7757d26423bca8f0e

SHA512
7247b9a96cbdd2d2e1e27e032154de4675397231dc85bc168e4e6135788ee06ef71517829f04e22225f1d58a7bc5116055a0446301c47bad2ae81f3a0d2a87ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
63KB

MD5
f52ffd9b81baf85dc30c26e369cc985d

SHA1
a01c46508d77381e4ac2f32e6db1bfb6a389ca7f

SHA256
5f4a039e6ab87073e60a320b99195bd694dc88d2414a3dd862fe5bd74a086ef6

SHA512
d62e75ab5ff73a946ff2e12da7183e9bb93cb25eef879e06b1f677a8d67af2c7b796b22aad8f908a3acd1f9bcae8ee38ef218da81ca59b7b8085e78873f0b495

Download Submit
memory/4032-0-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/4032-3-0x00000000020E0000-0x00000000020E6000-memory.dmp

Filesize
24KB

Download
memory/4032-2-0x00000000021C0000-0x00000000021C6000-memory.dmp

Filesize
24KB

Download
memory/4032-1-0x00000000021C0000-0x00000000021C6000-memory.dmp

Filesize
24KB

Download
memory/4032-19-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/4472-20-0x0000000000630000-0x0000000000636000-memory.dmp

Filesize
24KB

Download
memory/4472-18-0x0000000000650000-0x0000000000656000-memory.dmp

Filesize
24KB

Download
memory/4472-50-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download