31b593732687fa1a462dc1dfb5d493720955e105ce885e5c23837871d0276bcc

Analysis

max time kernel
163s
max time network
186s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 06:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-11_96cd5d54244eb29ccd47b1ab03ae9c0c_cryptolocker.exe
Size

121KB
MD5

96cd5d54244eb29ccd47b1ab03ae9c0c
SHA1

3b48d537185e71eb36e11224dca0ebd2cc1d9805
SHA256

31b593732687fa1a462dc1dfb5d493720955e105ce885e5c23837871d0276bcc
SHA512

ea2647125559e7ae0e2247eb9b6c2ec172f2640e7c4b342301cb7794350000f49d0f158ffd90839934afaeb562685843e75285548eeda0e314cedbd851b23fbf
SSDEEP

1536:gUj+AIMOtEvwDpjNbwQEIPlemUhYwkkxE8:vCA9OtEvwDpj0

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2776	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2084	2024-01-11_96cd5d54244eb29ccd47b1ab03ae9c0c_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2776	2084	2024-01-11_96cd5d54244eb29ccd47b1ab03ae9c0c_cryptolocker.exe	20
PID 2084 wrote to memory of 2776	2084	2024-01-11_96cd5d54244eb29ccd47b1ab03ae9c0c_cryptolocker.exe	20
PID 2084 wrote to memory of 2776	2084	2024-01-11_96cd5d54244eb29ccd47b1ab03ae9c0c_cryptolocker.exe	20
PID 2084 wrote to memory of 2776	2084	2024-01-11_96cd5d54244eb29ccd47b1ab03ae9c0c_cryptolocker.exe	20

C:\Users\Admin\AppData\Local\Temp\2024-01-11_96cd5d54244eb29ccd47b1ab03ae9c0c_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-11_96cd5d54244eb29ccd47b1ab03ae9c0c_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
58KB

MD5
eb3df83cc044b5527263cc87f1d4ff92

SHA1
2b853e8cc164539606841acfc51fd99622836f9c

SHA256
abc9b91ddc489c90899cf7cd3f5a71f1ff8aedf3ece856d38f3c562300d17ed4

SHA512
d339475c3171c43002fc116cc25ccb8ece73a68855ec6ec8b20ca53848af57008d2ab9be92bc3aec49bb668c21f254120c5ef260704c484691ad061c66b037fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
121KB

MD5
0e768499c1a2c247e26054cd18b32f51

SHA1
6b9411b1a982c941483dbc32761e502fc4ebdc6a

SHA256
2f2307afe883c29936e88e1a73b4a1af0d8defacd5fec49dcc0c66d78ce4eb80

SHA512
7892d636258dbcfe95c8c3d192499a21dded59150f6bb524805dfb2cff2d9186690553f5cb65c2f799a25237849395fd341cc1caf16137d355c31b5a40521061

Download Submit
memory/2084-0-0x0000000000440000-0x0000000000446000-memory.dmp

Filesize
24KB

Download
memory/2084-1-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download
memory/2084-7-0x0000000000440000-0x0000000000446000-memory.dmp

Filesize
24KB

Download
memory/2776-22-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download
memory/2776-15-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download