2469c249d439d42c9da68d2867279226c9eef33389f7046317a7dd51c2a8af9a

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 06:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-01-09_c3ece46bf8d69cf7ddb477b053ddea2a_cryptolocker.exe
Size

38KB
MD5

c3ece46bf8d69cf7ddb477b053ddea2a
SHA1

2fe0ff18e5b8437b70fbb63f60f152a7960422b9
SHA256

2469c249d439d42c9da68d2867279226c9eef33389f7046317a7dd51c2a8af9a
SHA512

e133ca10f482522f4e091689abc060d9167d82c790fdff89d3d6845d6702329d2f2515465dea3408357f3c05969b0ccf01854d7cda27a62f789c49c365f95085
SSDEEP

768:TS5nQJ24LR7tOOtEvwDpjGqPhqlcnvP7DMYaFw:m5nkFNMOtEvwDpjG8hP7DMBw

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2348	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
3064	2024-01-09_c3ece46bf8d69cf7ddb477b053ddea2a_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2348	3064	2024-01-09_c3ece46bf8d69cf7ddb477b053ddea2a_cryptolocker.exe	14
PID 3064 wrote to memory of 2348	3064	2024-01-09_c3ece46bf8d69cf7ddb477b053ddea2a_cryptolocker.exe	14
PID 3064 wrote to memory of 2348	3064	2024-01-09_c3ece46bf8d69cf7ddb477b053ddea2a_cryptolocker.exe	14
PID 3064 wrote to memory of 2348	3064	2024-01-09_c3ece46bf8d69cf7ddb477b053ddea2a_cryptolocker.exe	14

C:\Users\Admin\AppData\Local\Temp\misid.exe
"C:\Users\Admin\AppData\Local\Temp\misid.exe"
1⤵
- Executes dropped EXE
PID:2348

C:\Users\Admin\AppData\Local\Temp\2024-01-09_c3ece46bf8d69cf7ddb477b053ddea2a_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-09_c3ece46bf8d69cf7ddb477b053ddea2a_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
29KB

MD5
82dd37c3229d4963488d4b8140811279

SHA1
b077267f0cdec933935745f900632e0e4bc1d1c5

SHA256
babb139b751ef5f9effb91d75877e05fc2aef6ee956d52c8d42b8cb80b8b95b1

SHA512
202e2a6265372fb2f9acbf19dc5ca2f613bf78122d71ebc1649ec4b5fbd647540a3835125b1e74fbf66415972605a7d17c827c67c284273ca34d0939a0e9bfcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
23KB

MD5
d8430233fb735c63ea27a0d4d80aa0c0

SHA1
4910b2aaae64c9ff7d866b6d3059733d9ae3ca9b

SHA256
c7b46e02989efda55e112589fbfa9ab5a6ee1382833541a31390e67fb97ad09e

SHA512
dc2d0fa79094e392399fffa416937751cc5417f8ac102862876a4ce27ffdf743e540effaf7274fa57f1121c097bf0235747ae5b9bbc4e1368e8506e1c423895a

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
39KB

MD5
0392e0ea18d03a839159d5ce6dd3a82a

SHA1
953b909860b975a46716b6874f965230a3accd66

SHA256
832a442083aca982f33871df04ebee2b459b1d6180ac57f911224869045509a7

SHA512
9f22b870eec8e0fc67887f91ae0e167915bc2bec9ac5cb119d6391167aa06a700f914bd28c2614b6843992ea2e8a5c6117d4e77a465a6714c755a9237ce5d6a7

Download Submit
memory/2348-26-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2348-19-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download
memory/2348-17-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2348-27-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/3064-1-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/3064-2-0x00000000004C0000-0x00000000004C6000-memory.dmp

Filesize
24KB

Download
memory/3064-16-0x00000000024C0000-0x00000000024CE000-memory.dmp

Filesize
56KB

Download
memory/3064-15-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/3064-3-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/3064-0-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/3064-29-0x00000000024C0000-0x00000000024CE000-memory.dmp

Filesize
56KB

Download