Analysis

  • max time kernel: 145s
  • max time network: 155s
  • platform: windows7_x64
  • resource: win7-20231215-en
  • resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted: 05/01/2024, 05:53

General

  • Target: 2024-01-01_f7f30c1825b8bcb739d59ec159f46c82_cryptolocker.exe
  • Size: 60KB
  • MD5: f7f30c1825b8bcb739d59ec159f46c82
  • SHA1: 7d6399767040ad84bf440cd4a335fb8206b0d56d
  • SHA256: 2b50958909d7caa91815f75d5fe2803bf3106cde52441f11fae610484d211846
  • SHA512: 1fc0fc1d1eda7aa47a6e325e13953cefc5cd438e9fb6b5c3a71542cfaca9441e867008861d1cb45b3a0a32fa9517bd3be7cd0d71bbc7678ec59538ae0f09e03f
  • SSDEEP: 1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1xzp0oj670X:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7m

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-01_f7f30c1825b8bcb739d59ec159f46c82_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-01_f7f30c1825b8bcb739d59ec159f46c82_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\Users\Admin\AppData\Local\Temp\hurok.exe
      "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2668

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hurok.exe
    Filesize: 60KB
    MD5: 7c173d8aed8250f648ff026b1662e202
    SHA1: 5bdb85ff00aeb3905fb9095cb9f9d28c3a2c5455
    SHA256: 0c8b7cdb7eea55712d6296ae5b11ef651cc58c507ebb672c888a08026a205b9a
    SHA512: 95822defb54c3672e1c8568fb68084b407d5cab3c8da5f163f36df4929afea8a88bae2191fb64d29e5345afa806eea4f203e77559518315bcfea60a66c3e8712
  • \Users\Admin\AppData\Local\Temp\hurok.exe
    Filesize: 22KB
    MD5: 9481b0a2c6d2a703bdb3c2301aca533e
    SHA1: f2ae5a5e28593aefcb4b29dcc5464bf18166ad88
    SHA256: 4c454aa5a00c947d37e08dd81ab0542451d0276d22de9de0b8ad5d5ec87c12f4
    SHA512: 6c3b4e85aa0205d2ef242b68f1c1a05b2115b167ec67ca66bbacefc88ce3a6cfec6b03c46954ff08c8b5d23e418020db3e223256080ff5630e8cc41126dc429f
  • memory/1620-1-0x0000000000400000-0x0000000000406000-memory.dmp
    Filesize: 24KB
  • memory/1620-3-0x00000000003D0000-0x00000000003D6000-memory.dmp
    Filesize: 24KB
  • memory/1620-0-0x00000000003D0000-0x00000000003D6000-memory.dmp
    Filesize: 24KB
  • memory/2668-23-0x0000000000230000-0x0000000000236000-memory.dmp
    Filesize: 24KB