e1605a4d7169839a9502960d561f49d084210fb241ec7eeb229c55adaa3c903d

Analysis

max time kernel
150s
max time network
158s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-22_fd0cce3abba6b2d10f77661f70b71b32_cryptolocker.exe
Size

65KB
MD5

fd0cce3abba6b2d10f77661f70b71b32
SHA1

a149ec18e4b94e2bbe6a752926f61658a863eea5
SHA256

e1605a4d7169839a9502960d561f49d084210fb241ec7eeb229c55adaa3c903d
SHA512

93ba97240a42d42ef958607b871ce7bcab59b5f4078d4ad5a0f163a3365bfdb39543274999e5c7d0773ced41a87c96309f3d082a2d7573d53fae33efb0123c81
SSDEEP

1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszudnYTjipvF299Nh:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7j

Score

9^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\hurok.exe	CryptoLocker_rule2

Detection of Cryptolocker Samples 1 IoCs

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\hurok.exe	CryptoLocker_set1

Executes dropped EXE 1 IoCs

Processes:

hurok.exe

pid process

2524 hurok.exe
Loads dropped DLL 1 IoCs

Processes:

2024-05-22_fd0cce3abba6b2d10f77661f70b71b32_cryptolocker.exe

pid process

2176 2024-05-22_fd0cce3abba6b2d10f77661f70b71b32_cryptolocker.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of UnmapMainImage 2 IoCs

Processes:

2024-05-22_fd0cce3abba6b2d10f77661f70b71b32_cryptolocker.exehurok.exe

pid process

2176 2024-05-22_fd0cce3abba6b2d10f77661f70b71b32_cryptolocker.exe
2524 hurok.exe

pid	process
2524	hurok.exe

pid	process
2176	2024-05-22_fd0cce3abba6b2d10f77661f70b71b32_cryptolocker.exe

pid	process
2176	2024-05-22_fd0cce3abba6b2d10f77661f70b71b32_cryptolocker.exe
2524	hurok.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

2024-05-22_fd0cce3abba6b2d10f77661f70b71b32_cryptolocker.exe

description	pid	process	target process
PID 2176 wrote to memory of 2524	2176	2024-05-22_fd0cce3abba6b2d10f77661f70b71b32_cryptolocker.exe	hurok.exe
PID 2176 wrote to memory of 2524	2176	2024-05-22_fd0cce3abba6b2d10f77661f70b71b32_cryptolocker.exe	hurok.exe
PID 2176 wrote to memory of 2524	2176	2024-05-22_fd0cce3abba6b2d10f77661f70b71b32_cryptolocker.exe	hurok.exe
PID 2176 wrote to memory of 2524	2176	2024-05-22_fd0cce3abba6b2d10f77661f70b71b32_cryptolocker.exe	hurok.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-22_fd0cce3abba6b2d10f77661f70b71b32_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-22_fd0cce3abba6b2d10f77661f70b71b32_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Local\Temp\hurok.exe
  "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
65KB

MD5
d6a3b7edff4e6de9ed503afab5dc0f9e

SHA1
25e902fd47c5d9096409bb1652d1daaa60a5281f

SHA256
107224ed4cbe3f2e224ed8df0c5335d82b15d56f7d7e2d84d9475f0d99fa1b8a

SHA512
a1ad87052ee1329d34209ea59f6a8ee47d17664c708465c967ea14f376949f793115a5dc40e1ac17fbad88cccbd3d52dc9d311281719ca47b79e5774ce3a734c

Download Submit
memory/2176-0-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/2176-1-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2176-8-0x0000000000320000-0x0000000000326000-memory.dmp

Filesize
24KB

Download
memory/2524-16-0x0000000000230000-0x0000000000236000-memory.dmp

Filesize
24KB

Download