Overview

overview

7

Static

static

3

2024-01-10...er.exe

windows7-x64

7

2024-01-10...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/01/2024, 05:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-10_f737b22d000a1688a888eb5cb92b5f10_cryptolocker.exe

  • Size

    41KB

  • MD5

    f737b22d000a1688a888eb5cb92b5f10

  • SHA1

    1aae2170bd04088be9c6daf81b3fa171380f4597

  • SHA256

    408738bba4c030c80990f2c7eb77bb1ce6f4951e398b5abb344e003954fbb64a

  • SHA512

    5f5786bae6dabfb3590400e920870b851c6889e839f8f0a6e797cf44aa641424a5902717470edb82df522a95c36d8e5375de66589310556c464be117c35f0b20

  • SSDEEP

    768:b7o/2n1TCraU6GD1a4X0WcO+wMVm+slAMRqrwGy:bc/y2lkF0+Bjrdy

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-10_f737b22d000a1688a888eb5cb92b5f10_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-10_f737b22d000a1688a888eb5cb92b5f10_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    PID:1084
    • C:\Users\Admin\AppData\Local\Temp\rewok.exe
      "C:\Users\Admin\AppData\Local\Temp\rewok.exe"
      2⤵
        PID:3696

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\rewok.exe
            Filesize

            41KB

            MD5

            2df7f4649c5d1c8481350dcb108766c1

            SHA1

            f6919d9864e200789ca5872961fa0597d083d8d2

            SHA256

            8425701d6f2f94f0b69d02d9aee4efb6b4c29854d4cec9536313337a250d4a0f

            SHA512

            3ad4571aa7cb5f456183f83614d2d16c29ff2993a019efe3b0da599f9a439727b89f759163c2a8487acbd3dea7d1133fb14751abe09d68585aada8704d3a2bee

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\rewok.exe
            Filesize

            9KB

            MD5

            dc3180dad5e73673c4dfe59807ede94b

            SHA1

            8b2b86cf2db1f1e7e4b356406c403404e1a45e07

            SHA256

            5762ddc8822d9a834f20024b942153365321f60e9dde8ad571894cda2914d667

            SHA512

            3351d905fe7b202ad5e1d4dbc87bdde2a31b28d423d379a22bde2f5d48f235af40b22585832996c84373841458f59ede7226fc1e2c4bbf7d58c6c6f26adbf36f

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\rewok.exe
            Filesize

            1KB

            MD5

            6d0c6cafb12dffc6d5c23db3ffc72b97

            SHA1

            393e321ecf2bb72861ebb48c59d4d658a0bf0ccd

            SHA256

            09a6b96ddb56cb35dc1aa6d28d0e134bd011eb96c76cfda7a33dc956515ebec1

            SHA512

            257fb88d18d80e1e4f87c300b37f11a43ede59f0c2c79d260b1d2849a7772c76dfa5f0677499739ffa93b8941d5b2e7c13d1e1f268374e2ad06229e1b3a37b5c

            Download Submit

          • memory/1084-0-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

            Filesize

            24KB

            Download

          • memory/1084-2-0x0000000000400000-0x0000000000406000-memory.dmp

            Filesize

            24KB

            Download

          • memory/1084-1-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

            Filesize

            24KB

            Download

          • memory/3696-19-0x00000000006F0000-0x00000000006F6000-memory.dmp

            Filesize

            24KB

            Download