affde84552187a32735427e932e16791197535c9789a4c8942225246b8c24552 | Triage

Analysis

max time kernel
1s
max time network
7s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23-08-2023 17:22

Sharing

Report Analysis Logs

General

Target

7b9e47e7a7a9dc8970f9e74c4dc01946_cryptolocker_JC.exe
Size

33KB
MD5

7b9e47e7a7a9dc8970f9e74c4dc01946
SHA1

db67acc396b1f5538f02dd0955bb81bbc1850c2d
SHA256

affde84552187a32735427e932e16791197535c9789a4c8942225246b8c24552
SHA512

e92915a2fca822984987b9dc9b3c9087ce4d74010389b2caa572884a99fb750755047910b516c3aba79ba0f727f583bfc23b770df6fb160445fd044dae1ffed4
SSDEEP

768:Kf1K2exg2kBwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZsBGGpNEmNOmnQBDJ:o1KhxqwtdgI2MyzNORQtOflIwoHNV2Xk

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\7b9e47e7a7a9dc8970f9e74c4dc01946_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\7b9e47e7a7a9dc8970f9e74c4dc01946_cryptolocker_JC.exe"
1⤵
PID:4012
- C:\Users\Admin\AppData\Local\Temp\hurok.exe
  "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
  2⤵
  PID:728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
33KB

MD5
2a75dd7dbd2d88c6487e7c04cfd02195

SHA1
85534b9fdda9ff6bda543dcd8239fe28cf3240c3

SHA256
dc70e820c8e9d296fee1e943f15d49b21890668f75bfce0c458a6b54d584eb74

SHA512
b86b5d483b4d0572ca87ba1a3068b44fde1b902f90e83af02d871ed549da320709d5435c637c083b06a562435f79b6f8af74d3ffcb51bfa45c302d00e15fa76c

Download Submit
C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
33KB

MD5
2a75dd7dbd2d88c6487e7c04cfd02195

SHA1
85534b9fdda9ff6bda543dcd8239fe28cf3240c3

SHA256
dc70e820c8e9d296fee1e943f15d49b21890668f75bfce0c458a6b54d584eb74

SHA512
b86b5d483b4d0572ca87ba1a3068b44fde1b902f90e83af02d871ed549da320709d5435c637c083b06a562435f79b6f8af74d3ffcb51bfa45c302d00e15fa76c

Download Submit
C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
33KB

MD5
2a75dd7dbd2d88c6487e7c04cfd02195

SHA1
85534b9fdda9ff6bda543dcd8239fe28cf3240c3

SHA256
dc70e820c8e9d296fee1e943f15d49b21890668f75bfce0c458a6b54d584eb74

SHA512
b86b5d483b4d0572ca87ba1a3068b44fde1b902f90e83af02d871ed549da320709d5435c637c083b06a562435f79b6f8af74d3ffcb51bfa45c302d00e15fa76c

Download Submit
memory/4012-0-0x00000000005F0000-0x00000000005F6000-memory.dmp

Filesize
24KB

Download
memory/4012-1-0x00000000005F0000-0x00000000005F6000-memory.dmp

Filesize
24KB

Download
memory/4012-2-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download