Analysis
-
max time kernel
91s -
max time network
92s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
02/05/2024, 10:37
General
-
Target
2024-05-02_602ab20269159d17e7ae9e0bc3ddf79a_cryptolocker.exe
-
Size
52KB
-
MD5
602ab20269159d17e7ae9e0bc3ddf79a
-
SHA1
dbca8088b2914409a3ac48c464716381203c12fc
-
SHA256
f6707886e2375e00795d91d0061282d38599fce01f6df24dd2cac083ba000511
-
SHA512
4d7984875330f434278272d8e5db81d5f07f1bf5c3ab69b8acfe2f3fa82addc9e29366fd6782f86c23e7f7aadc67afc19ecbf6efd47992b61b00e1022647a737
-
SSDEEP
1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1xzpAI44:aq7tdgI2MyzNORQtOflIwoHNV2XBFV78
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
-
Detection of Cryptolocker Samples 1 IoCs
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-02_602ab20269159d17e7ae9e0bc3ddf79a_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-02_602ab20269159d17e7ae9e0bc3ddf79a_cryptolocker.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\hurok.exe"C:\Users\Admin\AppData\Local\Temp\hurok.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
52KB
MD556d2562c21ab15606a811bb67a042a66
SHA1bc63eda97f8ed75a875f9e8c13f1cad039df240d
SHA25663af45d40d6cdda3c90de25a1cb570d23dba9aa0414edfc27e89235685c4382c
SHA512b51c874a42a143e17072eea8f0f404c73ff74db6d081136574545429d594e2879dc55186e95c1f17781fde356218ea8d5f9b00f728e37b6bee0a44e017967c3b
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB