31fbadf451d07b098078c5206c14a0784b55345d22703bf26f61decc9ed5f83a

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 13:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

20240531ab190a4f2a8bfbdac7790248f0940b2dcryptolocker.exe
Size

44KB
MD5

ab190a4f2a8bfbdac7790248f0940b2d
SHA1

f7b602ed2be8eb5252c2dd2bd9c3e56bd4ae7cbf
SHA256

31fbadf451d07b098078c5206c14a0784b55345d22703bf26f61decc9ed5f83a
SHA512

0200e119a14a28e765aa19888be818b9d7961a39f017d04aef5fbd6a7ed6bddc71be4c4ce214d1b9ce0719fcbee6b2ea9ab98ccc67b3ee78dcf26ddb269bc8cf
SSDEEP

768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4REL+cc66Tc4:vj+jsMQMOtEvwDpj5HW5sc4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2964	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2384	20240531ab190a4f2a8bfbdac7790248f0940b2dcryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2964	2384	20240531ab190a4f2a8bfbdac7790248f0940b2dcryptolocker.exe	28
PID 2384 wrote to memory of 2964	2384	20240531ab190a4f2a8bfbdac7790248f0940b2dcryptolocker.exe	28
PID 2384 wrote to memory of 2964	2384	20240531ab190a4f2a8bfbdac7790248f0940b2dcryptolocker.exe	28
PID 2384 wrote to memory of 2964	2384	20240531ab190a4f2a8bfbdac7790248f0940b2dcryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\20240531ab190a4f2a8bfbdac7790248f0940b2dcryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\20240531ab190a4f2a8bfbdac7790248f0940b2dcryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
44KB

MD5
da3eb4704b1f3b73d171f29e84b52af9

SHA1
9fcc94b76914e7ba5c12d5b94e5b1566c6213625

SHA256
dc159a66619a1a68cddd8d4a7f8642d633b7e7568e29fde3b5b98a7baca91ee4

SHA512
c3f60e6c0876c14caedb52cbe7103a05688164dad90e6561eb377a9d4bee4cb8fe082ab2da941d247e865d33d0200a9e6d70cc041932c06a67aee0a9e3eec9fb

Download Submit
memory/2384-0-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2384-1-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/2384-8-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2964-15-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download