Overview

overview

7

Static

static

3

2024052188...er.exe

windows7-x64

7

2024052188...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/05/2024, 19:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024052188dd28f1863851efd88a9194d2fc6c13cryptolocker.exe

  • Size

    31KB

  • MD5

    88dd28f1863851efd88a9194d2fc6c13

  • SHA1

    7776640e1f97986788e11bee36672aeecacc8c02

  • SHA256

    98601b764342ce1aee8cf089292471056609918768176859ffa71363dd799385

  • SHA512

    2e18414f9a93ee2672c55ad6ac18c2ce25486f46210415e449f00d11734bc174d79649155f859884738d635829fbb89ec0ffacb729619c83cae101b83959d04c

  • SSDEEP

    768:Kf1K2exg2kBwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZsBGGbNAKSjNf2ijw:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XT

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024052188dd28f1863851efd88a9194d2fc6c13cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024052188dd28f1863851efd88a9194d2fc6c13cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:784
    • C:\Users\Admin\AppData\Local\Temp\hurok.exe
      "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:1452

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hurok.exe
    Filesize

    31KB

    MD5

    c7c0ca41ec92991ef4548cb4a1eca125

    SHA1

    3f61e01555b21a4b177307d57fdb1539ede31475

    SHA256

    6f3a047aa12c3b33a29fabc39d5f42f953aeb109be7905d0b9617dbd73b59de5

    SHA512

    ae12cea270c27ce821336e872761cab2d48cc7dd93f48e9a42f6e9cdb73dbaf237f9b9be6294259d59e5e0a2822aae22b923b0276dcc70ae60d2da8984e35872

    Download Submit

  • memory/784-0-0x00000000004C0000-0x00000000004C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/784-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/784-8-0x00000000004C0000-0x00000000004C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1452-25-0x0000000001F00000-0x0000000001F06000-memory.dmp

    Filesize

    24KB

    Download