Overview

overview

10

Static

static

10

2024-02-24...er.exe

windows7-x64

9

2024-02-24...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    93s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-02-2024 00:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-24_0fc9742d6541b0c9074677d621a31264_cryptolocker.exe

  • Size

    46KB

  • MD5

    0fc9742d6541b0c9074677d621a31264

  • SHA1

    08a8d8863a27a60c22976204e49f919f47100b56

  • SHA256

    c02ee31d8682959924b7a95f49b290af4e1ec4aa559bc464936b8389bf735fae

  • SHA512

    affd3ab1f22bfadcb88d6447269c67032b5c1bebdbaf09d6910f6c6bf11918ab64ae123c25871645f9f43fd7e5ba5140b4a26b441727560d7fc1920ec65cb4e3

  • SSDEEP

    768:Kf1K2exg2kBwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZsBGGpebVIYLHA3Kxy:o1KhxqwtdgI2MyzNORQtOflIwoHNV2X/

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-24_0fc9742d6541b0c9074677d621a31264_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-24_0fc9742d6541b0c9074677d621a31264_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\Users\Admin\AppData\Local\Temp\hurok.exe
      "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:1356

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hurok.exe
    Filesize

    46KB

    MD5

    fc19f4de93e67d5de326e2332f0a7c1b

    SHA1

    6886711d89c315162256b92fa4a6c0bb9366378c

    SHA256

    8690d254f2bc435ed45e5107b3de16a4be263794534b83c8adde685d4f0301ff

    SHA512

    665f3e8207ea4e5f5a29ad2a12ec3e307b02d57ba77c18b19d33d1f08a27214116a02138ecded05efbf5f7c42d5f1fb395502859dce16f0af077faf6b257d743

    Download Submit

  • memory/1356-21-0x00000000004C0000-0x00000000004C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1368-0-0x00000000021C0000-0x00000000021C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1368-1-0x00000000021C0000-0x00000000021C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1368-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download