a4fb4ab5c310c8fb7953dbffca337f312875cd8c13b29db422298781b4c64db0

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
27-08-2023 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0529bf084cdfb502844cde27a97fa3d_cryptolocker_JC.exe
Size

56KB
MD5

b0529bf084cdfb502844cde27a97fa3d
SHA1

5c8fad688a70557f1dccc741247c7a9badf4d58d
SHA256

a4fb4ab5c310c8fb7953dbffca337f312875cd8c13b29db422298781b4c64db0
SHA512

c90690f1a1a09e6a98692595eff0ecaec268eb7a2a4c1c70d71dec3c0bdd5340e16e9da017c9e4152f9e9e1b9747f9dff1aeb137cfb14831a9ba39509e5ccd46
SSDEEP

1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1x/9lfL+gniDS2:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7T

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1500	hurok.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3992 wrote to memory of 1500	3992	b0529bf084cdfb502844cde27a97fa3d_cryptolocker_JC.exe	83
PID 3992 wrote to memory of 1500	3992	b0529bf084cdfb502844cde27a97fa3d_cryptolocker_JC.exe	83
PID 3992 wrote to memory of 1500	3992	b0529bf084cdfb502844cde27a97fa3d_cryptolocker_JC.exe	83

C:\Users\Admin\AppData\Local\Temp\b0529bf084cdfb502844cde27a97fa3d_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\b0529bf084cdfb502844cde27a97fa3d_cryptolocker_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3992
- C:\Users\Admin\AppData\Local\Temp\hurok.exe
  "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
  2⤵
  - Executes dropped EXE
  PID:1500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
56KB

MD5
b8b4deb96fc29ebdd5e3ec04ed474356

SHA1
7787ef3bf85893e0bc36ec87d10a207d7d744974

SHA256
b7a7dc47384e854255b6bb3db3ef201ae96fc1966a5ff0ccf40afbce5293bb69

SHA512
7c61126e797e655429d2701f20466f97cdc4cadb0ce21d9e9db99e76fdfd1df002aa20792370e74480ce1f0ef3ec927e1a18de95611bca1b51e4f86505cbe26d

Download Submit
C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
56KB

MD5
b8b4deb96fc29ebdd5e3ec04ed474356

SHA1
7787ef3bf85893e0bc36ec87d10a207d7d744974

SHA256
b7a7dc47384e854255b6bb3db3ef201ae96fc1966a5ff0ccf40afbce5293bb69

SHA512
7c61126e797e655429d2701f20466f97cdc4cadb0ce21d9e9db99e76fdfd1df002aa20792370e74480ce1f0ef3ec927e1a18de95611bca1b51e4f86505cbe26d

Download Submit
C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
56KB

MD5
b8b4deb96fc29ebdd5e3ec04ed474356

SHA1
7787ef3bf85893e0bc36ec87d10a207d7d744974

SHA256
b7a7dc47384e854255b6bb3db3ef201ae96fc1966a5ff0ccf40afbce5293bb69

SHA512
7c61126e797e655429d2701f20466f97cdc4cadb0ce21d9e9db99e76fdfd1df002aa20792370e74480ce1f0ef3ec927e1a18de95611bca1b51e4f86505cbe26d

Download Submit
memory/1500-19-0x00000000005D0000-0x00000000005D6000-memory.dmp

Filesize
24KB

Download
memory/3992-0-0x0000000002300000-0x0000000002306000-memory.dmp

Filesize
24KB

Download
memory/3992-1-0x0000000002300000-0x0000000002306000-memory.dmp

Filesize
24KB

Download
memory/3992-2-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download