Overview

overview

10

Static

static

10

2024-03-10...er.exe

windows7-x64

9

2024-03-10...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    141s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/03/2024, 15:02

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-10_1c151e929a26c6c145752b912b46a298_cryptolocker.exe

  • Size

    62KB

  • MD5

    1c151e929a26c6c145752b912b46a298

  • SHA1

    a18f0a4f8d81b11ca0f9604b12ce113a014a2006

  • SHA256

    6b74e53acc640e97bf3d2cacbc485961352fc72c39126a8a2c72804e7112246d

  • SHA512

    7bc98ed887bab7098672109b54265e0a3f7dfe0afb26c4233ef7c39a5a0a5dc8459627e918a8c4743e481d77d09a96521f692e990711696c5296171281a064a9

  • SSDEEP

    1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszudnYTjipvF293ol:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7Y

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-10_1c151e929a26c6c145752b912b46a298_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-10_1c151e929a26c6c145752b912b46a298_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1596
    • C:\Users\Admin\AppData\Local\Temp\hurok.exe
      "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:2648
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1044 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3644

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\hurok.exe
            Filesize

            63KB

            MD5

            617548072d9907c89479f887d9855368

            SHA1

            7ddadf8d6217d7976dc37ae47b9406825316c510

            SHA256

            6dd154eead3e37a553f533bc456bfd86d8c6a2149226829080684271b2b7d989

            SHA512

            cb92db242a399dbc01015c1175a15027a646157c339cea63744fc5a6985e2a6e0881b3e7e65ee5eab2de42d410d6515eef929902c42a6e7dcd825e8fcf2adfe3

            Download Submit

          • memory/1596-0-0x00000000004C0000-0x00000000004C6000-memory.dmp

            Filesize

            24KB

            Download

          • memory/1596-1-0x00000000004C0000-0x00000000004C6000-memory.dmp

            Filesize

            24KB

            Download

          • memory/1596-2-0x0000000000400000-0x0000000000406000-memory.dmp

            Filesize

            24KB

            Download

          • memory/2648-20-0x0000000002040000-0x0000000002046000-memory.dmp

            Filesize

            24KB

            Download