de6d797cf6a1b1902bb71ba5f0b0e502f3dcfa9285c680f36df7db7ced59f86a

Analysis

max time kernel
143s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2023, 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41a4918bbbb9ced820112aadc108d1a2_cryptolocker_JC.exe
Size

61KB
MD5

41a4918bbbb9ced820112aadc108d1a2
SHA1

1b10018c7eb1b32a0ce0b3cdec09de3743ddf26d
SHA256

de6d797cf6a1b1902bb71ba5f0b0e502f3dcfa9285c680f36df7db7ced59f86a
SHA512

ec16a94e0f6075d5aa5a5fa94044440f3eca9a7c79355ddb5b2bb88102908c7fbe8f6de7caaabf55873226076d969505f03d05bc9e6f9f585475c3b0b16797be
SSDEEP

1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1x/9lfL+gniaMTM1:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7W

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4148	hurok.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 4148	5024	41a4918bbbb9ced820112aadc108d1a2_cryptolocker_JC.exe	86
PID 5024 wrote to memory of 4148	5024	41a4918bbbb9ced820112aadc108d1a2_cryptolocker_JC.exe	86
PID 5024 wrote to memory of 4148	5024	41a4918bbbb9ced820112aadc108d1a2_cryptolocker_JC.exe	86

C:\Users\Admin\AppData\Local\Temp\41a4918bbbb9ced820112aadc108d1a2_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\41a4918bbbb9ced820112aadc108d1a2_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Users\Admin\AppData\Local\Temp\hurok.exe
  "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
  2⤵
  - Executes dropped EXE
  PID:4148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
61KB

MD5
0657ffb03534129eeeb65730801f1baf

SHA1
819234f3de90522585631e6f0364e1f692327a06

SHA256
9f5370796bdcdab2a27796f0f7baf10e2ad6e5dce36410e9ed96d885f078ee7d

SHA512
3ac3c3a540456dc526a3554dcd2abc1066c12b266b3fcfa0a9df0c1ce2a11ce3360fba4ef4947169dabfe1fc6596c43cb595b5f9a88f1b204ef9d53c25e0f2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
61KB

MD5
0657ffb03534129eeeb65730801f1baf

SHA1
819234f3de90522585631e6f0364e1f692327a06

SHA256
9f5370796bdcdab2a27796f0f7baf10e2ad6e5dce36410e9ed96d885f078ee7d

SHA512
3ac3c3a540456dc526a3554dcd2abc1066c12b266b3fcfa0a9df0c1ce2a11ce3360fba4ef4947169dabfe1fc6596c43cb595b5f9a88f1b204ef9d53c25e0f2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
61KB

MD5
0657ffb03534129eeeb65730801f1baf

SHA1
819234f3de90522585631e6f0364e1f692327a06

SHA256
9f5370796bdcdab2a27796f0f7baf10e2ad6e5dce36410e9ed96d885f078ee7d

SHA512
3ac3c3a540456dc526a3554dcd2abc1066c12b266b3fcfa0a9df0c1ce2a11ce3360fba4ef4947169dabfe1fc6596c43cb595b5f9a88f1b204ef9d53c25e0f2c2

Download Submit
memory/5024-133-0x00000000005B0000-0x00000000005B6000-memory.dmp

Filesize
24KB

Download
memory/5024-134-0x00000000005B0000-0x00000000005B6000-memory.dmp

Filesize
24KB

Download
memory/5024-135-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download