Analysis

  • max time kernel
    143s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20230703-en locale:en-us os:windows10-2004-x64 system
  • submitted
    06/08/2023, 15:30

General

  • Target

    8c1c0b10b17febc64c16c9ffaa0453f9_cryptolocker_JC.exe

  • Size

    52KB

  • MD5

    8c1c0b10b17febc64c16c9ffaa0453f9

  • SHA1

    d7acf650acc20098fe73304a3dd945049d0f54e8

  • SHA256

    1a3f707d8d2e00942ed6530d1db86311ea63dd2e3c022c6a747bff8489213fca

  • SHA512

    fffa581d4158258c1f3e098f6760f983ea46d1069d07527f487ec700609fe494f0d51e72fa9abcb09f8eab1dc87a8a3a3c7b4187d49992f813b123c8f2568a61

  • SSDEEP

    1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1xzp008c:aq7tdgI2MyzNORQtOflIwoHNV2XBFV76

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c1c0b10b17febc64c16c9ffaa0453f9_cryptolocker_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\8c1c0b10b17febc64c16c9ffaa0453f9_cryptolocker_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Users\Admin\AppData\Local\Temp\hurok.exe
      "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
      2⤵
      • Executes dropped EXE
      PID:4604
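The process tree above is the evidence behind the "Executes dropped EXE" signature: PID 1600 writes hurok.exe into its own %TEMP% directory and then launches it as PID 4604. The following is an added example of how that correlation is done from endpoint telemetry; it is not code from the sandbox vendor or from the sample. The event records are constructed to mirror the report (same paths and PIDs), the field names follow Sysmon's FileCreate (event 11) and ProcessCreate (event 1) schema, and every timestamp and the benign conhost.exe record are synthetic.

```python
"""Correlate file-write and process-start telemetry to flag the
"executes dropped EXE" behaviour shown in the process tree above.

Added example, not code from the sandbox vendor. The event records are
constructed to mirror the report (PIDs 1600 and 4604, hurok.exe written to
%TEMP%); the field names follow Sysmon's FileCreate (event 11) and
ProcessCreate (event 1) schema, but every record and timestamp is synthetic.
"""
from dataclasses import dataclass
from typing import Iterable

PE_EXTENSIONS = (".exe", ".dll", ".scr", ".com")


@dataclass(frozen=True)
class Event:
    event_id: int               # 11 = FileCreate, 1 = ProcessCreate
    ts: float                   # seconds since start of capture (synthetic)
    process_id: int             # EID 11: writer PID; EID 1: PID of the new process
    image: str                  # EID 11: writer image; EID 1: image of the new process
    target_filename: str = ""   # EID 11 only: path that was written
    parent_process_id: int = 0  # EID 1 only: PID of the creating process


PARENT = r"C:\Users\Admin\AppData\Local\Temp\8c1c0b10b17febc64c16c9ffaa0453f9_cryptolocker_JC.exe"
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\hurok.exe"

# Constructed telemetry modelled on the report's process tree.
SAMPLE_EVENTS = [
    # Sample starts; the sandbox launcher's PID is not in the report, so 0 is used.
    Event(1, 0.0, 1600, PARENT, parent_process_id=0),
    # 1600 writes a PE into %TEMP% ...
    Event(11, 1.2, 1600, PARENT, target_filename=DROPPED),
    # ... and a non-PE file, which the rule must ignore (constructed).
    Event(11, 1.5, 1600, PARENT, target_filename=r"C:\Users\Admin\AppData\Local\Temp\notes.txt"),
    # ... then launches the PE it just wrote.
    Event(1, 2.0, 4604, DROPPED, parent_process_id=1600),
    # A start from a path nobody wrote during the capture (constructed, benign).
    Event(1, 3.0, 5100, r"C:\Windows\System32\conhost.exe", parent_process_id=4604),
]


def normalize(path: str) -> str:
    """Canonicalise a Windows path so writes and launches compare equal."""
    return path.replace("/", "\\").strip().lower()


def find_dropped_executions(events: Iterable[Event], window_s: float = 300.0) -> list[dict]:
    """Return one hit per process launched from a PE written earlier in the capture.

    Each hit records who wrote the file and whether the launching parent is that
    same process; a different parent is still a dropped-EXE execution, just a
    weaker link back to the original sample. Writes older than window_s before
    the launch are ignored to limit noise from legitimate installers.
    """
    drops: dict[str, tuple[int, float]] = {}  # normalized path -> (writer pid, write time)
    hits: list[dict] = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.event_id == 11:
            if ev.target_filename.lower().endswith(PE_EXTENSIONS):
                drops[normalize(ev.target_filename)] = (ev.process_id, ev.ts)
        elif ev.event_id == 1:
            drop = drops.get(normalize(ev.image))
            if drop is None:
                continue
            writer_pid, write_ts = drop
            if ev.ts - write_ts > window_s:
                continue
            hits.append({
                "rule": "Executes dropped EXE",
                "image": ev.image,
                "child_pid": ev.process_id,
                "parent_pid": ev.parent_process_id,
                "writer_pid": writer_pid,
                "parent_is_writer": ev.parent_process_id == writer_pid,
                "delay_s": round(ev.ts - write_ts, 3),
            })
    return hits


if __name__ == "__main__":
    for hit in find_dropped_executions(SAMPLE_EVENTS):
        print(hit)
```

On the constructed events this yields a single hit for PID 4604 with writer and parent both 1600, matching the report's tree. The extension filter is deliberately narrow; a production rule would also key on the PE magic from the file-write event rather than the name, since a dropper can write a renamed payload and execute it via a loader.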

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\hurok.exe

    Filesize

    52KB

    MD5

    d8a8f577288646eb5f90c9404abc1b74

    SHA1

    c6b226fc7bf6ba1fcb4430835bc12a506a4eb383

    SHA256

    2f8ad0d3c5b89836ae10ea5e1bfaba04a90acccd7509a338b399b9f1980658d0

    SHA512

    de5a48e5cf38295394a12016d715f0752aa67d1a4d062df7c7c1d2d09c6eb92e07aafb10a76ee751d0418c728a9796e3b27bce6743a7db51571d7678b1e2f469

  • memory/1600-133-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

  • memory/1600-134-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

  • memory/1600-135-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

  • memory/4604-153-0x00000000005C0000-0x00000000005C6000-memory.dmp

    Filesize

    24KB