f2c7a60a7fe87a54634947516577e08f4a1b9ed7357b63a1cc9e4ecadee9b1d6

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c1ea67eec0ed1d47b2570ad0a730e5d_cryptolocker_JC.exe
Size

43KB
MD5

7c1ea67eec0ed1d47b2570ad0a730e5d
SHA1

7e3c9d5a3baedc369fc6ed8d08e245264bb30e2c
SHA256

f2c7a60a7fe87a54634947516577e08f4a1b9ed7357b63a1cc9e4ecadee9b1d6
SHA512

a33166bc19749705c69bb3bb013a1423fcd4c4bd9e0f27e129549227145c96877d4e4e3f078b244a8db370d813c339989f376fa96c811ef3c7b1e4078d5a0aa7
SSDEEP

768:b7o/2n1TCraU6GD1a4Xcn62tH/1/Lp1jW86:bc/y2lm6iH/NLp1jY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2772	rewok.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 372 wrote to memory of 2772	372	7c1ea67eec0ed1d47b2570ad0a730e5d_cryptolocker_JC.exe	82
PID 372 wrote to memory of 2772	372	7c1ea67eec0ed1d47b2570ad0a730e5d_cryptolocker_JC.exe	82
PID 372 wrote to memory of 2772	372	7c1ea67eec0ed1d47b2570ad0a730e5d_cryptolocker_JC.exe	82

C:\Users\Admin\AppData\Local\Temp\7c1ea67eec0ed1d47b2570ad0a730e5d_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\7c1ea67eec0ed1d47b2570ad0a730e5d_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:372
- C:\Users\Admin\AppData\Local\Temp\rewok.exe
  "C:\Users\Admin\AppData\Local\Temp\rewok.exe"
  2⤵
  - Executes dropped EXE
  PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rewok.exe

Filesize
43KB

MD5
de927f4e8973bbd8a31a3d52b6b84994

SHA1
19f27f62c505d13a5347f3be07806219fbd92a68

SHA256
a0d1d6a1672cf23c7fa134897d954ab607356342499867b1ba4b36b059eacdbe

SHA512
cce514cb85f6d952863ef1886d3f809554b54e6f2b3abfb62dd540d8687dce54170eaeab3baaedd8b6733df93cabc003a6f6d166b03c08a234ccb845a0b74a77

Download Submit
C:\Users\Admin\AppData\Local\Temp\rewok.exe

Filesize
43KB

MD5
de927f4e8973bbd8a31a3d52b6b84994

SHA1
19f27f62c505d13a5347f3be07806219fbd92a68

SHA256
a0d1d6a1672cf23c7fa134897d954ab607356342499867b1ba4b36b059eacdbe

SHA512
cce514cb85f6d952863ef1886d3f809554b54e6f2b3abfb62dd540d8687dce54170eaeab3baaedd8b6733df93cabc003a6f6d166b03c08a234ccb845a0b74a77

Download Submit
C:\Users\Admin\AppData\Local\Temp\rewok.exe

Filesize
43KB

MD5
de927f4e8973bbd8a31a3d52b6b84994

SHA1
19f27f62c505d13a5347f3be07806219fbd92a68

SHA256
a0d1d6a1672cf23c7fa134897d954ab607356342499867b1ba4b36b059eacdbe

SHA512
cce514cb85f6d952863ef1886d3f809554b54e6f2b3abfb62dd540d8687dce54170eaeab3baaedd8b6733df93cabc003a6f6d166b03c08a234ccb845a0b74a77

Download Submit
memory/372-0-0x0000000002210000-0x0000000002216000-memory.dmp

Filesize
24KB

Download
memory/372-1-0x0000000002210000-0x0000000002216000-memory.dmp

Filesize
24KB

Download
memory/372-2-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2772-20-0x0000000002020000-0x0000000002026000-memory.dmp

Filesize
24KB

Download