Analysis
-
max time kernel
139s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
12/01/2024, 05:54
Static task
static1
Behavioral task
behavioral1
Sample
2024-01-11_0b91133c016e1949cc1e4fead0160b95_cryptolocker.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-01-11_0b91133c016e1949cc1e4fead0160b95_cryptolocker.exe
Resource
win10v2004-20231215-en
General
-
Target
2024-01-11_0b91133c016e1949cc1e4fead0160b95_cryptolocker.exe
-
Size
60KB
-
MD5
0b91133c016e1949cc1e4fead0160b95
-
SHA1
1984082652e6a29abeb5c674d2168bfdc032bc26
-
SHA256
8f201c8ba511fecb930b887a5c4cb3f9dbba3a0843a33beb69cf1a45d33a2ee5
-
SHA512
2be45c1d39fe6d18be95d2f9f0f67ab14b9ec600116117c2892e78d933aaae7a36ef2212a7491285655537d91034df4f796836bc8b464ba1b4576beb92da1bee
-
SSDEEP
1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1x/9lfL+gniDSAad:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7q
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2712 hurok.exe -
Loads dropped DLL 1 IoCs
pid Process 2508 2024-01-11_0b91133c016e1949cc1e4fead0160b95_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of UnmapMainImage 2 IoCs
pid Process 2508 2024-01-11_0b91133c016e1949cc1e4fead0160b95_cryptolocker.exe 2712 hurok.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2508 wrote to memory of 2712 2508 2024-01-11_0b91133c016e1949cc1e4fead0160b95_cryptolocker.exe 28 PID 2508 wrote to memory of 2712 2508 2024-01-11_0b91133c016e1949cc1e4fead0160b95_cryptolocker.exe 28 PID 2508 wrote to memory of 2712 2508 2024-01-11_0b91133c016e1949cc1e4fead0160b95_cryptolocker.exe 28 PID 2508 wrote to memory of 2712 2508 2024-01-11_0b91133c016e1949cc1e4fead0160b95_cryptolocker.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-11_0b91133c016e1949cc1e4fead0160b95_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-11_0b91133c016e1949cc1e4fead0160b95_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2508 -
C:\Users\Admin\AppData\Local\Temp\hurok.exe"C:\Users\Admin\AppData\Local\Temp\hurok.exe"2⤵
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2712
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
60KB
MD5911f085d97dee64cb85520bc134e4738
SHA10a45583fc2771e143aa2331b08bf0725a01bf83b
SHA256fb32a6d83ee73119fcae0c247c31ca19e4b086358405fd0689bee7d66fe1ae32
SHA512b8e38e5256fbc8f238b79e4245553a764f3893340e4566cfed652fdbb0fdd97c757911622ffe1e801ed91c3f7dfd0eb3e5cc99911060864327e5a6081233c2fd