Analysis

  • max time kernel
    85s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/02/2024, 17:27

General

  • Target
    2024-02-14_b875049c5bdfbdab6b261d81c29b8310_cryptolocker.exe
  • Size
    41KB
  • MD5
    b875049c5bdfbdab6b261d81c29b8310
  • SHA1
    f2b6bfaf79bd1fc86d28b3d53a4f733d9df111d2
  • SHA256
    a9eebfd037bdbe6f9eff6cdaa45ef57578b256f13b53d92b9b8e730b965c7df7
  • SHA512
    a62740671ec6fb4b1d64ba442152c28a3ccf03b1ffb295e28ec7af2d1ce04d79c4a76f7db1ff36f13dbe33f7734a4eb26d39c899ea734f461f1e083b0ac71fc7
  • SSDEEP
    768:Kf1K2exg2kBwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZsBGGpebVIYLHA3Kxh:o1KhxqwtdgI2MyzNORQtOflIwoHNV2Xg

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-14_b875049c5bdfbdab6b261d81c29b8310_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-14_b875049c5bdfbdab6b261d81c29b8310_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4132
    • C:\Users\Admin\AppData\Local\Temp\hurok.exe
      "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:3668

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\hurok.exe
    Filesize
    41KB
    MD5
    474428d9794f69751dcd3a7730372913
    SHA1
    861d2b037c4b24d4f1c2c94451a4e0783b8b50ea
    SHA256
    ca2bf318b44d1525deeff1b8bfec4f81a0970fd94f2fbbd2a2cb0bc7c1d3ef8b
    SHA512
    f93984123a9a7ff1007b9090cf0a0b8d4c15770a48ab458607822494d3604b8fe05045e07135b186444dabe13d3f08ba37e8cf1a9106a559914c66f2d8a98009
  • C:\Users\Admin\AppData\Local\Temp\hurrok.exe
    Filesize
    1KB
    MD5
    1034b68f1e4b266a16479b8a95b60766
    SHA1
    330f439b2f698d2d1b86db7baddd2e71f565333b
    SHA256
    ff689b42290bf0fcff5338febadd3c594b6046d7c462ff4fa2d24d7e71f8cea9
    SHA512
    4e350eed2f642a16d09278329b535c5f965eb541952c2bd2888b0b25ca3565d96f6d5a0fd970bfa598e9f9f9811435c4304377a478d66d3b8d4d95f64d5063ef
  • memory/3668-19-0x0000000002130000-0x0000000002136000-memory.dmp
    Filesize
    24KB
  • memory/4132-0-0x0000000000720000-0x0000000000726000-memory.dmp
    Filesize
    24KB
  • memory/4132-1-0x0000000000720000-0x0000000000726000-memory.dmp
    Filesize
    24KB
  • memory/4132-2-0x0000000000400000-0x0000000000406000-memory.dmp
    Filesize
    24KB