04b697e3f2f7f4a6e0ed0b069ff8a56410a100f0090a23e777d890a65c7ed893

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 05:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-29_fe459af43e8c7f8a77381abdbd245f2a_cryptolocker.exe
Size

43KB
MD5

fe459af43e8c7f8a77381abdbd245f2a
SHA1

9756f57a08a58a287c74b8bfa1038b0362b3ef94
SHA256

04b697e3f2f7f4a6e0ed0b069ff8a56410a100f0090a23e777d890a65c7ed893
SHA512

d7c36086ce9ca21c8eecbe506c28a8ca7640bbc42ca9f92c4bef4b9f774e49d2db4871bf223f4691cf2d3fdd87164087e8d01fb3c5c9e8ab7d2297799af9ceba
SSDEEP

768:bCDOw9UiaKHfjnD0S16avdrQFiLjJvtAqjrG:bCDOw9aMDooc+vAqjC

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2900	lossy.exe

Loads dropped DLL 1 IoCs

pid	Process
2488	2024-06-29_fe459af43e8c7f8a77381abdbd245f2a_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2900	2488	2024-06-29_fe459af43e8c7f8a77381abdbd245f2a_cryptolocker.exe	28
PID 2488 wrote to memory of 2900	2488	2024-06-29_fe459af43e8c7f8a77381abdbd245f2a_cryptolocker.exe	28
PID 2488 wrote to memory of 2900	2488	2024-06-29_fe459af43e8c7f8a77381abdbd245f2a_cryptolocker.exe	28
PID 2488 wrote to memory of 2900	2488	2024-06-29_fe459af43e8c7f8a77381abdbd245f2a_cryptolocker.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-06-29_fe459af43e8c7f8a77381abdbd245f2a_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-29_fe459af43e8c7f8a77381abdbd245f2a_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Users\Admin\AppData\Local\Temp\lossy.exe
  "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
  2⤵
  - Executes dropped EXE
  PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\lossy.exe

Filesize
43KB

MD5
d8b265f78f945d928d0d3f49678e7b45

SHA1
79538a3c1a81fc22c32aaa6367a4646b00b23155

SHA256
28b68c419cca981a8244f75aac782a1c3875b22b6cba15ae21aac5a21ef5c0fc

SHA512
dccaad6cc750e9008cdff4ca24993ffdd34621f51d77c47025675cee58212daf6a81651cc5a2dbde0e32eb15dfb80d4bfc5c6e06aa568eb41399f5e82d58ceca

Download Submit
memory/2488-0-0x0000000008000000-0x000000000800A000-memory.dmp

Filesize
40KB

Download
memory/2488-1-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2488-2-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/2488-9-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2488-13-0x0000000000580000-0x000000000058A000-memory.dmp

Filesize
40KB

Download
memory/2488-16-0x0000000008000000-0x000000000800A000-memory.dmp

Filesize
40KB

Download
memory/2900-25-0x0000000000440000-0x0000000000446000-memory.dmp

Filesize
24KB

Download
memory/2900-26-0x0000000008000000-0x000000000800A000-memory.dmp

Filesize
40KB

Download