3c976f6054ffe3fd06ff20f2a8ad9f6b262ba2bdafd57afd5fb69dfe320eb0ec

Analysis

max time kernel
150s
max time network
181s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 05:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-09_7acf86549e160d83d90da4eb6295df45_cryptolocker.exe
Size

51KB
MD5

7acf86549e160d83d90da4eb6295df45
SHA1

8ce079776de5e3f1a0501a8a6302306f557c281e
SHA256

3c976f6054ffe3fd06ff20f2a8ad9f6b262ba2bdafd57afd5fb69dfe320eb0ec
SHA512

2ef0e6ff43c8b9c079e10c07986b7d815de1d37830386d41e9054a227152d73b6ebf3bd4732178feda566467af0bf93f54bcd0ded53e59f504746b8f5579b26f
SSDEEP

768:bIDOw9UiaCHfjnE0Sfa7ilR0p9u6p4ICNBCXK9GQ:bIDOw9a0DwitDZzi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1360	lossy.exe

Loads dropped DLL 1 IoCs

pid	Process
1352	2024-01-09_7acf86549e160d83d90da4eb6295df45_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 1360	1352	2024-01-09_7acf86549e160d83d90da4eb6295df45_cryptolocker.exe	16
PID 1352 wrote to memory of 1360	1352	2024-01-09_7acf86549e160d83d90da4eb6295df45_cryptolocker.exe	16
PID 1352 wrote to memory of 1360	1352	2024-01-09_7acf86549e160d83d90da4eb6295df45_cryptolocker.exe	16
PID 1352 wrote to memory of 1360	1352	2024-01-09_7acf86549e160d83d90da4eb6295df45_cryptolocker.exe	16

C:\Users\Admin\AppData\Local\Temp\lossy.exe
"C:\Users\Admin\AppData\Local\Temp\lossy.exe"
1⤵
- Executes dropped EXE
PID:1360

C:\Users\Admin\AppData\Local\Temp\2024-01-09_7acf86549e160d83d90da4eb6295df45_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-09_7acf86549e160d83d90da4eb6295df45_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
51KB

MD5
cadced4fe51940c684876548b8c4a8c0

SHA1
5c82b761207168063e1bc5f874afa9e373be7c03

SHA256
3131c7caf478f0d52b8720e82d7ba3164922b45b193f8bd212bc0272982acc5a

SHA512
150bcda5b0419d85aac5ee97cfc351e8dbe3b0842b232503ec9269a07ec395e52b0609410acc82401e19ac2b5b1777241d95cef17fcb8c7ce62a6f9d80f0f64f

Download Submit
memory/1352-1-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/1352-3-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1352-0-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1360-15-0x0000000001B20000-0x0000000001B26000-memory.dmp

Filesize
24KB

Download
memory/1360-18-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download