4d92ff0e81457ecaf52967eb7ba976b05ad0741392eec4b9d4cd910922f277a8

Analysis

max time kernel
151s
max time network
158s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 10:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-07-23_5670c283feadc9c204140b2ea2b2ef04_cryptolocker.exe
Size

72KB
MD5

5670c283feadc9c204140b2ea2b2ef04
SHA1

cec7d06632ef79a410105f444ffbdb174cb579cc
SHA256

4d92ff0e81457ecaf52967eb7ba976b05ad0741392eec4b9d4cd910922f277a8
SHA512

f449cc9c1280d4389b694ecff2c48d70cc207b5f9db45b7519cecc85a7a501e33045f50f4b13c0b34d599bc762eea033423e9f6c9bfca1bc0f6ff9105f18e8c1
SSDEEP

768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4ZPsED3VK2+ZtyOjgO4r9vFAg2rq2g1B/Rb:vj+jsMQMOtEvwDpj5HZYTjipvF24D

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2748	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1188	2024-07-23_5670c283feadc9c204140b2ea2b2ef04_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 2748	1188	2024-07-23_5670c283feadc9c204140b2ea2b2ef04_cryptolocker.exe	30
PID 1188 wrote to memory of 2748	1188	2024-07-23_5670c283feadc9c204140b2ea2b2ef04_cryptolocker.exe	30
PID 1188 wrote to memory of 2748	1188	2024-07-23_5670c283feadc9c204140b2ea2b2ef04_cryptolocker.exe	30
PID 1188 wrote to memory of 2748	1188	2024-07-23_5670c283feadc9c204140b2ea2b2ef04_cryptolocker.exe	30

C:\Users\Admin\AppData\Local\Temp\2024-07-23_5670c283feadc9c204140b2ea2b2ef04_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-23_5670c283feadc9c204140b2ea2b2ef04_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
73KB

MD5
a655e38dd21d2982e8251b2158b8d277

SHA1
d1237a766a3759f6cf5ef1f15b3d314e9e1e6355

SHA256
bba3f97728cc55d4f8bceba49d71d739be4533c3a06323644d6c1f08d8fc75ca

SHA512
cbd05e888a474e7d8b519ac27d6cc7d7bb1bb74c27d5b58c538ea5dcd574bcccea6c77c0f21b6838dcf4a3c29a441680ea72d3a971c3e5526c77274fa861cf87

Download Submit
memory/1188-7-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1188-1-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/1188-0-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2748-22-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2748-15-0x0000000000450000-0x0000000000456000-memory.dmp

Filesize
24KB

Download