a091ffc684e0e636cf8913ef07e581a946a134d4af6b5fc2f8e716131f8a9cba

Analysis

max time kernel
159s
max time network
188s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10-01-2024 05:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-09_960a2c9d6013a606884587d0574d0a22_cryptolocker.exe
Size

96KB
MD5

960a2c9d6013a606884587d0574d0a22
SHA1

34488507df9745392c8aee1873b515193c05c3de
SHA256

a091ffc684e0e636cf8913ef07e581a946a134d4af6b5fc2f8e716131f8a9cba
SHA512

bb414f0a7f161f23f6e1c4dd876d761865107cfd71b5a3a8d75f21bd5e860ba84ffd779d930099e1b74ab404d311fe0c0fdcad04695adfdf603980af9f92c795
SSDEEP

768:xQz7yVEhs9+4uR1bytOOtEvwDpjWfbZ7uyA36S7MpxRiWNa9mktJHlv/kH:xj+VGMOtEvwDpjubwQEIiVmkxv/6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2708	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1724	2024-01-09_960a2c9d6013a606884587d0574d0a22_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2708	1724	2024-01-09_960a2c9d6013a606884587d0574d0a22_cryptolocker.exe	26
PID 1724 wrote to memory of 2708	1724	2024-01-09_960a2c9d6013a606884587d0574d0a22_cryptolocker.exe	26
PID 1724 wrote to memory of 2708	1724	2024-01-09_960a2c9d6013a606884587d0574d0a22_cryptolocker.exe	26
PID 1724 wrote to memory of 2708	1724	2024-01-09_960a2c9d6013a606884587d0574d0a22_cryptolocker.exe	26

C:\Users\Admin\AppData\Local\Temp\2024-01-09_960a2c9d6013a606884587d0574d0a22_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-09_960a2c9d6013a606884587d0574d0a22_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
20KB

MD5
652ef6442a7be136b4f4fcf61b25402e

SHA1
e8f08e171f7c7bbcb90b25fd36d8a370665a777f

SHA256
cbfbf0654a170ecd3f760cf42b11844bd4d0864c3d4ab21ebfe6eb43425f42d4

SHA512
c514c118955b653f96a965a0df4609a4dae37a7a347faa220b39510a04c5414fc1ff3a60936dc91f8ff82e6e4cec94f425e884feb89ebeb5e8be5fcbe8461e6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
22KB

MD5
02bd5682aca0251369153c0f39a1cdc1

SHA1
4b81e822c5527e2677397006d73a87c67a0652f6

SHA256
18e905fcfea2e03eb715d4a4341fc7e0e7b00c610f5ca545c35184162132603c

SHA512
9d75136f2a726e5932b6e0b655eeed667701b9abb2f8d0ab5cd61d9855b7d46401c3fce10eacf4db9f77efd0870930f5b1303f6571df21e0561bed6c2336c068

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
63KB

MD5
d207b16d8d475dde175060fd74cbe527

SHA1
e528b962d6b8f4aa288c176f29f3d642b7c0d2b0

SHA256
aa71da230a21fcc8614314bd3b93e8904a4efd9eeb648b60940d5a7d6815d519

SHA512
09c77f6de10bb8fe17efcf5691e99c576982f4eb28d7f05ed9aa8ad60865381471ff815dea414bcd3c7537f46bd3f4e87403b099fa31d55c4bae92d446dbc623

Download Submit
memory/1724-16-0x0000000002800000-0x0000000002810000-memory.dmp

Filesize
64KB

Download
memory/1724-2-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/1724-3-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/1724-1-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/1724-15-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1724-0-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1724-27-0x0000000002800000-0x0000000002810000-memory.dmp

Filesize
64KB

Download
memory/2708-18-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2708-26-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2708-19-0x00000000002F0000-0x00000000002F6000-memory.dmp

Filesize
24KB

Download
memory/2708-28-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download