4f6ba1b3a5a21e038767e120c3f4fbf1e7a60ba1cf37a5a280de5f439669b066

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
05/08/2023, 13:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73aea0ef8d15165c994187c7388be8da_cryptolocker_JC.exe
Size

51KB
MD5

73aea0ef8d15165c994187c7388be8da
SHA1

cb9e707f383cb0792e2dfbb8562bf735bd7c989e
SHA256

4f6ba1b3a5a21e038767e120c3f4fbf1e7a60ba1cf37a5a280de5f439669b066
SHA512

4132b01ceebb11673a815f58ba96ccaf9d243c1dc641c6bc98b1b26dfcdb83164e0929a02ca0c47691794f22c071724816db3be3ec176e39ee15e45b9c433edd
SSDEEP

1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1xzp0SJ1:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7O

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4792	hurok.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 980 wrote to memory of 4792	980	73aea0ef8d15165c994187c7388be8da_cryptolocker_JC.exe	83
PID 980 wrote to memory of 4792	980	73aea0ef8d15165c994187c7388be8da_cryptolocker_JC.exe	83
PID 980 wrote to memory of 4792	980	73aea0ef8d15165c994187c7388be8da_cryptolocker_JC.exe	83

C:\Users\Admin\AppData\Local\Temp\73aea0ef8d15165c994187c7388be8da_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\73aea0ef8d15165c994187c7388be8da_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:980
- C:\Users\Admin\AppData\Local\Temp\hurok.exe
  "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
  2⤵
  - Executes dropped EXE
  PID:4792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
51KB

MD5
1df3c8bcdf5f48b616e0ce5c21da38c0

SHA1
9701b98271762490c83b306d107969eb485e2495

SHA256
1479612e25408e45dadca3092909c959371de79d3c0206aed5823ed1f3b9c707

SHA512
538397e035d53953b0b47bb9511073efdedd39ea27ca2f4f380e973b01f2f00d8dd6afc0384e686fa1b6fadcb58b6340a240086634d2e7a4c0043430cf412732

Download Submit
C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
51KB

MD5
1df3c8bcdf5f48b616e0ce5c21da38c0

SHA1
9701b98271762490c83b306d107969eb485e2495

SHA256
1479612e25408e45dadca3092909c959371de79d3c0206aed5823ed1f3b9c707

SHA512
538397e035d53953b0b47bb9511073efdedd39ea27ca2f4f380e973b01f2f00d8dd6afc0384e686fa1b6fadcb58b6340a240086634d2e7a4c0043430cf412732

Download Submit
C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
51KB

MD5
1df3c8bcdf5f48b616e0ce5c21da38c0

SHA1
9701b98271762490c83b306d107969eb485e2495

SHA256
1479612e25408e45dadca3092909c959371de79d3c0206aed5823ed1f3b9c707

SHA512
538397e035d53953b0b47bb9511073efdedd39ea27ca2f4f380e973b01f2f00d8dd6afc0384e686fa1b6fadcb58b6340a240086634d2e7a4c0043430cf412732

Download Submit
memory/980-133-0x0000000002270000-0x0000000002276000-memory.dmp

Filesize
24KB

Download
memory/980-134-0x0000000002270000-0x0000000002276000-memory.dmp

Filesize
24KB

Download
memory/980-135-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4792-152-0x00000000006A0000-0x00000000006A6000-memory.dmp

Filesize
24KB

Download