Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
23-01-2024 00:24
General
-
Target
2024-01-23_35f793b5b94c775ebe787f1f01b775b9_cryptolocker.exe
-
Size
31KB
-
MD5
35f793b5b94c775ebe787f1f01b775b9
-
SHA1
23f9436495fda723ec0fe29dea37877b1596abd5
-
SHA256
2866519de8acbee0b2448020376e92835f081af0ff0da9bebfe4dbb6800bde55
-
SHA512
7b058d0052b757b7d446d998f0f4ef85867f1c22ab94d9f2f80ff881d806f225607fd3ecb13be54751cfd7f4f218c7f59384d767668c7ebfa97a53808870169e
-
SSDEEP
384:bmM0V/YPvnr801TRoUGPh4TKt6ATt1DqgPa3s/zzoCt9R9U1gpPQJ:b7o/2n1TCraU6GD1a4Xt9R21TJ
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-23_35f793b5b94c775ebe787f1f01b775b9_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-23_35f793b5b94c775ebe787f1f01b775b9_cryptolocker.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\rewok.exe"C:\Users\Admin\AppData\Local\Temp\rewok.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
31KB
MD5b1cc818ae6d837598cc7a843782f94c2
SHA129cf1c548d928e702187c8c75883601b51137012
SHA256b76ca9e5558136f0c397c0f20cbc4c63d9646f161a03d86c1eaba8b4ae2a5e1e
SHA512fbe75a23c79b26b7014b363f29fff5425aaa6fe2fa64abfd65e25d6a808f5f5b254cec97358ebe389d15c934f274eb4c1e602deec8f360f7652541e1a71acad6
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB