7ba066f1e134a5e3b56842ba1dafb2bfb06ac439749636b8fbffd1c9f9d28195

Analysis

max time kernel
0s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 05:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-01-09_ad2979ed34cdeb421aa1e56e9fa15142_cryptolocker.exe
Size

93KB
MD5

ad2979ed34cdeb421aa1e56e9fa15142
SHA1

9f78ec27bc117bcb784acfe85da2f891f2564df3
SHA256

7ba066f1e134a5e3b56842ba1dafb2bfb06ac439749636b8fbffd1c9f9d28195
SHA512

9a9520a81d7c1cb11755f668558647aac43d1909e22376ccafdce55a39389b258bcbb004a83e75c6bf50123fe02b83331cd32dde517a1eb3159291b1dacd0575
SSDEEP

768:xQz7yVEhs9+4uR1bytOOtEvwDpjWfbZ7uyA36S7MpxRiWNa9mktJb:xj+VGMOtEvwDpjubwQEIiVmkv

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3028	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1108	2024-01-09_ad2979ed34cdeb421aa1e56e9fa15142_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 3028	1108	2024-01-09_ad2979ed34cdeb421aa1e56e9fa15142_cryptolocker.exe	16
PID 1108 wrote to memory of 3028	1108	2024-01-09_ad2979ed34cdeb421aa1e56e9fa15142_cryptolocker.exe	16
PID 1108 wrote to memory of 3028	1108	2024-01-09_ad2979ed34cdeb421aa1e56e9fa15142_cryptolocker.exe	16
PID 1108 wrote to memory of 3028	1108	2024-01-09_ad2979ed34cdeb421aa1e56e9fa15142_cryptolocker.exe	16

C:\Users\Admin\AppData\Local\Temp\misid.exe
"C:\Users\Admin\AppData\Local\Temp\misid.exe"
1⤵
- Executes dropped EXE
PID:3028

C:\Users\Admin\AppData\Local\Temp\2024-01-09_ad2979ed34cdeb421aa1e56e9fa15142_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-09_ad2979ed34cdeb421aa1e56e9fa15142_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
93KB

MD5
ce5601cc0b689f6b00ff23322f833a18

SHA1
6403a8b3ce819dd877f229e914ade0b2b022b6dc

SHA256
b4fe2a29bac775ac8da19a00c2be7806084b15e96b7f3aa511c5434f9f460f92

SHA512
8d8c2937906cd3829862d51242bb7681f31f85769945e3c67e20b0cf1ff007f53e0ef7fce19cae6a1c6da657d627e0a3afbde111929527c790d0c2a9d6525781

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
76KB

MD5
d8f4446fa765c26798e72eaa71cd6d8a

SHA1
b9ca00b7b6c147370a75646da7e0d000de45807b

SHA256
91cef2bf8ca3173bc755188384c05a1d5f228af19fd3eff15cacfc4a40a0d892

SHA512
849859470bdad8626e962f3b7ec4ab7f9e90d5bddda1f3a015e41ac14f9f1e07e303424902df5fb60bb3e384d85bc8f0649a3e6a6ecb6ad76c0ce6797ee70d42

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
89KB

MD5
d2e93b9ecd2e9a0beba1230eb0b4a296

SHA1
c74da6e44f8b0f25f6ac89b6aa7e03997323df5e

SHA256
94cce211ab863a439da2050ddf8673845d5acb1b76a4500972556344607f38b3

SHA512
1d30bfa815c382264c6c7aab55bbadbe7d03e508928316e3ff54bb9d31a48d50eb5f6cb996adc120282cc5fb786db60aa64a3a761d589a6f496f80fa7f14540d

Download Submit
memory/1108-0-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1108-3-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/1108-2-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/1108-16-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/1108-12-0x0000000000670000-0x0000000000680000-memory.dmp

Filesize
64KB

Download
memory/1108-1-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/3028-25-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/3028-26-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download