Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19/03/2024, 14:37
General
-
Target
2024-03-19_61d953abbee258995323a867a8e4e607_cryptolocker.exe
-
Size
42KB
-
MD5
61d953abbee258995323a867a8e4e607
-
SHA1
217848b9b20f2034e937ae57d1ff6a826ad809cd
-
SHA256
7f8dab3d4fd41b6846aceb02ccd080ef28e1a44c5002f4f676d0151b2b19502a
-
SHA512
b2bd271c3b8224b7aabf044fa51a9d7772c2890ece88ee972d4d3dad022bf31ec8357bc4635260f5c255e6617b9c2c0eb9ac2b12627498db93c5632bf952dfbc
-
SSDEEP
768:Kf1K2exg2kBwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZsBGGpebVIYLHA3KxU:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XV
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
-
Detection of Cryptolocker Samples 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of UnmapMainImage 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_61d953abbee258995323a867a8e4e607_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-19_61d953abbee258995323a867a8e4e607_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\hurok.exe"C:\Users\Admin\AppData\Local\Temp\hurok.exe"2⤵
- Executes dropped EXE
- Suspicious use of UnmapMainImage
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
42KB
MD5c8223928f4e3e5b7a0c8f8465baf60a8
SHA176cc86835218f3067348a98ade91d209e8fcb3d1
SHA2565f62a6d034cfa3beed05ce6723629841c02b97c3511ff7c610379f671a5cc7d1
SHA5127937552ee94af92f270365903a555c29781b865bb30d30d367291ff28b8d7a1f3f6556d8abf87c2326fb2afa01bb24c270131cc1abbd8b4898bd61f37fb8c6c8
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB