Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
04/02/2024, 01:28
General
-
Target
2024-02-04_451a72ad7670a0db168f304e7ade9c13_cryptolocker.exe
-
Size
32KB
-
MD5
451a72ad7670a0db168f304e7ade9c13
-
SHA1
a50fa531c9929ee50e16ae9c0fbb56a6ad2cd709
-
SHA256
aeab6e664de66eda4571619a79f054e4242fe2dbed0406f01c72adcc461b7d0b
-
SHA512
697c4c7dc712801ab800b1ba63266870327526ed0c12bed605dd71d85eb98af9f02948ecabfd978a9955c6f63939e1ae27ecab7701be56ebaea780d6e70e0359
-
SSDEEP
384:bmM0V/YPvnr801TRoUGPh4TKt6ATt1DqgPa3s/zzoCt9/B1RU3P:b7o/2n1TCraU6GD1a4Xt9bRU/
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-04_451a72ad7670a0db168f304e7ade9c13_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-04_451a72ad7670a0db168f304e7ade9c13_cryptolocker.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\rewok.exe"C:\Users\Admin\AppData\Local\Temp\rewok.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
32KB
MD5559f3cedd070d3d4d43062395be49494
SHA13fdbde1b84d0b17e28733ceb568724dbe9e88cc3
SHA256222dfd2c2373528ee20356ef33205f100b68f676a59f2c0e32438c41c2bca77c
SHA512b137f2c1e54911d6bd285d8129f910e7a41eb8e1e22863c01c5aa334d3cd1b49470467800c60ff2779dfd680985f9e2f8ab9003a3089bbeb18fc5376744b17a1
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB