Overview

overview

7

Static

static

3

2024-07-22...er.exe

windows7-x64

7

2024-07-22...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    22/07/2024, 15:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-22_67d7ed85179490bc420f31dd0068f353_cryptolocker.exe

  • Size

    68KB

  • MD5

    67d7ed85179490bc420f31dd0068f353

  • SHA1

    bc50bebe69f3c8e89aa9967635cec2191a963d28

  • SHA256

    d29f82e95e17ec7e5ccb5dea0d8ada38a61f26f548e90535c3b273e415e977a6

  • SHA512

    238cc18cdfe27db9bb888597d2ba4b8a3064280e6a8891a14d66a263f80c4d1d55a24486a894d8eb2535d4f308bf365fac241a8549d6ab1ccd4d9de138603137

  • SSDEEP

    1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszudnYTjipvF293vaRLED:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7L

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-22_67d7ed85179490bc420f31dd0068f353_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-22_67d7ed85179490bc420f31dd0068f353_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Users\Admin\AppData\Local\Temp\hurok.exe
      "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1844

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\hurok.exe
          Filesize

          68KB

          MD5

          a3c1b26a6d70b59a808a9f24df0a44de

          SHA1

          873cb8a46cdeb3c3bd39942ea08e24dcf5bac876

          SHA256

          3d38be573ad57f5e1eaa9af0317fd018ac2d92cf4ff000bc9c71afe521f72bc4

          SHA512

          9dfec3c59b0c78f7e9ccce06b970332eaac61f5b8d0b840cea7149e21337aa8eaf085bb4dd07b2fb0b659f78a1d5c5a83204c5ef63859b5cc4dc7a0202a63c8e

          Download Submit

        • memory/1844-23-0x00000000001C0000-0x00000000001C6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2968-1-0x0000000000400000-0x0000000000406000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2968-8-0x00000000003B0000-0x00000000003B6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2968-0-0x00000000003B0000-0x00000000003B6000-memory.dmp

          Filesize

          24KB

          Download