c01a41b2e4fba92668956bc83923fe660083c39ad95d6993a2a856d6f92af285

Analysis

max time kernel
0s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 06:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-09_c43835fac4c0ee68123348bfca7cd1a0_cryptolocker.exe
Size

37KB
MD5

c43835fac4c0ee68123348bfca7cd1a0
SHA1

66c4f413b5f7bef327d6fdc1a02a98fa057e56ca
SHA256

c01a41b2e4fba92668956bc83923fe660083c39ad95d6993a2a856d6f92af285
SHA512

faf09da4543cb78b24f9c252d48c6150148d180d11e5e0a388c075d3a39151ffbc8702b2f4b81e8b5171fd14aa7823f0fb00b2f94a6ea2ec8a678d211043c032
SSDEEP

768:TS5nQJ24LR7tOOtEvwDpjGqPhqlcnvgpnL:m5nkFNMOtEvwDpjG8hgpL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2680	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1728	2024-01-09_c43835fac4c0ee68123348bfca7cd1a0_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2680	1728	2024-01-09_c43835fac4c0ee68123348bfca7cd1a0_cryptolocker.exe	14
PID 1728 wrote to memory of 2680	1728	2024-01-09_c43835fac4c0ee68123348bfca7cd1a0_cryptolocker.exe	14
PID 1728 wrote to memory of 2680	1728	2024-01-09_c43835fac4c0ee68123348bfca7cd1a0_cryptolocker.exe	14
PID 1728 wrote to memory of 2680	1728	2024-01-09_c43835fac4c0ee68123348bfca7cd1a0_cryptolocker.exe	14

C:\Users\Admin\AppData\Local\Temp\misid.exe
"C:\Users\Admin\AppData\Local\Temp\misid.exe"
1⤵
- Executes dropped EXE
PID:2680

C:\Users\Admin\AppData\Local\Temp\2024-01-09_c43835fac4c0ee68123348bfca7cd1a0_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-09_c43835fac4c0ee68123348bfca7cd1a0_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
14KB

MD5
6ab9fdf2d1e7b1f42ea9eab41100c49e

SHA1
76d82ada5170ed4ecfed0bf4825356108f795df9

SHA256
d2778a9b7357dcbe5f84655d5e5466a6d06a84393c3c069f1649344088dafbb9

SHA512
c10f98e5d2dac30551cd9f2ea0a3af54a78068e353012b37043d29e26ccdf41ad8ca22efb1cb5446946bd33627b6d12e04bc934be9f82f8df7cbae1fa50f8f0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
7KB

MD5
ad0f9aa938147c3d53f659eeefc8f927

SHA1
a793afb96676321e20bc8191e350e7ae7f34df83

SHA256
6f1ec7dd91ba336d7ce24c4b46084c3be3effbd2f9754deeedab7f966f635443

SHA512
07adc579d64ae813928461b6fdf46b89094f892a98bce32d041368daa4bbafd41b26233c2c9cc2c279022ff88e2610fadd2bce4077724af19af65b1d57eef004

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
37KB

MD5
f6433f50ff4d78b250071c1684db4040

SHA1
e5c944b124c0f9995084f39150ffaa06448024a8

SHA256
9286f2e25485df972d2ea72e70be361f3ea0586fc847f6a17155c85262c681d0

SHA512
32eef7f4bcf2d8d78f4f9e8244bf594a32a1079f1b79cc6665bb258683af9d7b0d8f983db88adaf55d68928e99f4f66f1dfec3d332be233d8aade9cc07070e3b

Download Submit
memory/1728-9-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1728-15-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/1728-16-0x0000000002320000-0x000000000232E000-memory.dmp

Filesize
56KB

Download
memory/1728-2-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/1728-1-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1728-0-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2680-26-0x0000000000230000-0x0000000000236000-memory.dmp

Filesize
24KB

Download
memory/2680-19-0x0000000000380000-0x0000000000386000-memory.dmp

Filesize
24KB

Download
memory/2680-18-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download
memory/2680-27-0x0000000000500000-0x000000000050E000-memory.dmp

Filesize
56KB

Download