9503ce48fe3d61b37c01edd7e9c0ca3e6e9bf9a4a2a65fda1e2a7a5ba192c640

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-07-08_ad9983a1051bf98ee107d191b30b7f01_cryptolocker.exe
Size

787KB
MD5

ad9983a1051bf98ee107d191b30b7f01
SHA1

7918dd6a73e6308ddc26644a9ab482182bfc954c
SHA256

9503ce48fe3d61b37c01edd7e9c0ca3e6e9bf9a4a2a65fda1e2a7a5ba192c640
SHA512

3ffb48f379ad1f1b8edbe30b15b73c0beec6f0d539d238e15650ef6d9118fe0926fbb7640c48ff511826ee11fb8574e447ec649b2c1d87c2a99b6f762357c5ff
SSDEEP

24576:aHQVCB9lVF1lVF1lVFkUEi019za5F+DLK9bygw6X/pj:aHAg9lVF1lVF1lVFkUEiiCX/p

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2860	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2924	2024-07-08_ad9983a1051bf98ee107d191b30b7f01_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2860	2924	2024-07-08_ad9983a1051bf98ee107d191b30b7f01_cryptolocker.exe	31
PID 2924 wrote to memory of 2860	2924	2024-07-08_ad9983a1051bf98ee107d191b30b7f01_cryptolocker.exe	31
PID 2924 wrote to memory of 2860	2924	2024-07-08_ad9983a1051bf98ee107d191b30b7f01_cryptolocker.exe	31
PID 2924 wrote to memory of 2860	2924	2024-07-08_ad9983a1051bf98ee107d191b30b7f01_cryptolocker.exe	31

C:\Users\Admin\AppData\Local\Temp\2024-07-08_ad9983a1051bf98ee107d191b30b7f01_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-08_ad9983a1051bf98ee107d191b30b7f01_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
787KB

MD5
7533f08e65044f1f4a55bb0c545cf94f

SHA1
2476cbef3b82214ae1f778e132a60d167de6dbf2

SHA256
2ae3723bdc8d6c847455beece9b78305aa8212343208a7ed26980874ab3b442a

SHA512
0679629529da543c1cae65d7adbd492050de3eb692ec2b90a99432d5aa63691a58b005fd88493622897088ddd0dfcd81b84d98d11846a7ee955e6824ccecd008

Download Submit
memory/2860-15-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/2860-22-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2924-0-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2924-3-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2924-1-0x0000000000600000-0x0000000000606000-memory.dmp

Filesize
24KB

Download