5bd1c283bd09c0e1d0e0c4a6513a893e15ae9580871e284fb2182494f2972128

Analysis

max time kernel
0s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2024 06:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-09_f8ab702bfac0df7c46dc43eabee66ee5_cryptolocker.exe
Size

40KB
MD5

f8ab702bfac0df7c46dc43eabee66ee5
SHA1

6dd91b50b2d05b145c3ca745e6f5dd64d469f5db
SHA256

5bd1c283bd09c0e1d0e0c4a6513a893e15ae9580871e284fb2182494f2972128
SHA512

d8b1c20210b33898eaa5303c0be8eddfbe49f566a1410e92b779246e73884d02358722de35227214ff754fdf17c74e006b6ecd395a55e396e07a988be645bb9e
SSDEEP

768:b7o/2n1TCraU6GD1a4X0WcO+wMVm+slAMRqrwu:bc/y2lkF0+Bjrl

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Control Panel\International\Geo\Nation	2024-01-09_f8ab702bfac0df7c46dc43eabee66ee5_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\2024-01-09_f8ab702bfac0df7c46dc43eabee66ee5_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-09_f8ab702bfac0df7c46dc43eabee66ee5_cryptolocker.exe"
1⤵
- Checks computer location settings
PID:1884
- C:\Users\Admin\AppData\Local\Temp\rewok.exe
  "C:\Users\Admin\AppData\Local\Temp\rewok.exe"
  2⤵
  PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rewok.exe

Filesize
15KB

MD5
854ced841727459edf3711e7ef2bacfd

SHA1
677557efb21396cf2e3fe5e47e2564cd356021d7

SHA256
44d846609c15a685019b32ce0fa52e01a1e796e56312c9da59e5edf37cfe440b

SHA512
abd673f205ceff7ccbd15a444b6e3415bdc7a56f2734e5043eaa7ace9b8a049baec38f0e70aceff5d23150135e1d4b7ab3d7ed2957edabdcb79d7ce4983a2b53

Download Submit
C:\Users\Admin\AppData\Local\Temp\rewok.exe

Filesize
1KB

MD5
6d0c6cafb12dffc6d5c23db3ffc72b97

SHA1
393e321ecf2bb72861ebb48c59d4d658a0bf0ccd

SHA256
09a6b96ddb56cb35dc1aa6d28d0e134bd011eb96c76cfda7a33dc956515ebec1

SHA512
257fb88d18d80e1e4f87c300b37f11a43ede59f0c2c79d260b1d2849a7772c76dfa5f0677499739ffa93b8941d5b2e7c13d1e1f268374e2ad06229e1b3a37b5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\rewok.exe

Filesize
26KB

MD5
948f8658841be1b1b4a1438a91f9c948

SHA1
65f3fc61c5cedd193f8cea5f51d4754035e6cdd8

SHA256
902740ee153e51bae2eb64341fb3ad171e45d0b1c3bb0a4785634ad347cbf6f1

SHA512
ae87378c4c4859794d388e72c6a5ec1ff1848d2e96357ec7b59db7a189b12c1de1d1f1cd5017585f81088570655a5a564701fdd6b270fdfec09ded669c130768

Download Submit
memory/1884-1-0x0000000002090000-0x0000000002096000-memory.dmp

Filesize
24KB

Download
memory/1884-2-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1884-0-0x0000000002090000-0x0000000002096000-memory.dmp

Filesize
24KB

Download
memory/2660-25-0x0000000002D60000-0x0000000002D66000-memory.dmp

Filesize
24KB

Download