Overview

overview

10

Static

static

10

2024-05-31...er.exe

windows7-x64

9

2024-05-31...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    95s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/05/2024, 03:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-31_fb13e8ba9470c8b465a08fb52f8e5dbf_cryptolocker.exe

  • Size

    68KB

  • MD5

    fb13e8ba9470c8b465a08fb52f8e5dbf

  • SHA1

    e55bcfc0e66f22ad7c6351b991ab7761603135e0

  • SHA256

    a6f3a07018e6fc17a08dded59c71cd882bc44d5663ef86a77ddc7040e8425d52

  • SHA512

    a0dea9db9bb99058fb4af13722b977a42df92c4dfebcd48a61b0777ebd0448e32d08ab8703cc36cf54d6ccd23f1055c15a9106c2d3d6903347137d775f2fae3f

  • SSDEEP

    1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszudnYTjipvF293vaRLE+:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7G

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-31_fb13e8ba9470c8b465a08fb52f8e5dbf_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-31_fb13e8ba9470c8b465a08fb52f8e5dbf_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Users\Admin\AppData\Local\Temp\hurok.exe
      "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:548

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hurok.exe
    Filesize

    69KB

    MD5

    6cbbb3c5b52b25d8687b2ad94b377d3f

    SHA1

    09f0a486bf2253e58cbdcd8187086eda51773dc9

    SHA256

    624dcc8a87b56b8efcbebc631d10ec9201ddcb075840e506a4b6f719161f56b6

    SHA512

    0e04f9a1cf53370a7e5a25e6bd0f401cc2d8b382478c3c252a06a89b637e06259c3aa091039fa8645c9ad7570a204b5fa44f61c40215287f52e8d976a670103c

    Download Submit

  • memory/548-25-0x00000000021C0000-0x00000000021C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2132-0-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2132-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2132-8-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download