Overview

overview

10

Static

static

10

2024-02-12...er.exe

windows7-x64

9

2024-02-12...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    145s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-02-2024 08:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-12_ecae0713c1137463910669a8e54b649c_cryptolocker.exe

  • Size

    42KB

  • MD5

    ecae0713c1137463910669a8e54b649c

  • SHA1

    9ed4a641959f689224009dcc87348acf8695c19a

  • SHA256

    728ae52bddbca69acda424e1f2c2abd82b471c13c5ee306d9a1e294580decc35

  • SHA512

    28fe6d534cdfbb52a29c62aca9a6e6f3ff8c27921bb95b0653c06648a727d22c5401d81a9573326e5973bc43fdce339ddefd8706cf4fb97ddb27a257622761bb

  • SSDEEP

    768:Kf1K2exg2kBwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZsBGGpebVIYLHA3KxQ:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XJ

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-12_ecae0713c1137463910669a8e54b649c_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-12_ecae0713c1137463910669a8e54b649c_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1000
    • C:\Users\Admin\AppData\Local\Temp\hurok.exe
      "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:4844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hurok.exe
    Filesize

    42KB

    MD5

    10e1843b43663d766543679008b326fa

    SHA1

    72faa0809c7851f25e4cda1f5062dc77ce0df712

    SHA256

    09aeec31e2ef0305b52dd40cb49195ad7dc76e4cefe13431918bbef67878ceec

    SHA512

    84a25b668ded5400cc1990326e037791d6aeeb3abd1e30ac9a7a1510eeba90c6118e90758568544ed29e741f951c5b36635685bf93656833b3a9097b1860f0f4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hurrok.exe
    Filesize

    1KB

    MD5

    0ae86c943e73b93c31b09c71cad9cf16

    SHA1

    3cf50012d956e32a333ad779907f9c553d883665

    SHA256

    1c0942af11bbc24b7422dc5bf8546d9e57d9ea9637819e26dcb0e25163e0ff19

    SHA512

    922081552ce23d45aa8604878bc2aedd4648ee1ca58e3fc3af7ea06527e09a9ad48feca26ffe26c481e0767001c5e858bcbf2d9adb8112ca1d72432f347c9b78

    Download Submit

  • memory/1000-0-0x0000000002180000-0x0000000002186000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1000-1-0x0000000002180000-0x0000000002186000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1000-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4844-25-0x0000000000570000-0x0000000000576000-memory.dmp

    Filesize

    24KB

    Download