Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    02/10/2024, 02:25

General

  • Target

    2024-10-02_10e20f05028008b7bdce7074ffbb13bb_cryptolocker.exe

  • Size

    56KB

  • MD5

    10e20f05028008b7bdce7074ffbb13bb

  • SHA1

    0794b0ce2b189316f5399cc5c54cfd2eb31c4ea1

  • SHA256

    f44ab3b6970ee69e0be9764ae703daba35592685399886c09443de59fb876d6c

  • SHA512

    7c9f337d3d088600e55979dd3140785b93da14056aa2aba1b90a710ea1059f84a43bdc7853a6c47e4ba8b6f501a806cfbc404b73efaa4ac7a95ce9a1c20b3c85

  • SSDEEP

    1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1xzpAIX6Ey:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-02_10e20f05028008b7bdce7074ffbb13bb_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-02_10e20f05028008b7bdce7074ffbb13bb_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2772
    • C:\Users\Admin\AppData\Local\Temp\hurok.exe
      "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of UnmapMainImage
      PID:2860
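
As an added example, not part of the sandbox report or of any tooling behind it, the Python below turns the process tree above into a hunting check. It parses constructed process-creation records that use Sysmon Event ID 1 field names, flags an executable under a user's AppData\Local\Temp spawning another executable from the same location (the "Executes dropped EXE" shape of PID 2772 starting hurok.exe as PID 2860), and matches image hashes against the two SHA256 values the report lists. The pipe-separated record layout, the explorer.exe and notepad.exe rows, and the zero- and one-filled hashes are assumptions made for the example; the PIDs and the two real SHA256 values are taken from this page.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# SHA256 values copied from the report's General (submitted sample) and
# Downloads (dropped hurok.exe) sections.
REPORT_SHA256: Dict[str, str] = {
    "f44ab3b6970ee69e0be9764ae703daba35592685399886c09443de59fb876d6c":
        "2024-10-02_10e20f05028008b7bdce7074ffbb13bb_cryptolocker.exe",
    "f4d9a30e685a5a4711dd06db91a75f7e5d5f5e4ed5a40df0552f426b03eac264":
        "hurok.exe",
}

# An EXE living directly under a user's AppData\Local\Temp, as both
# processes in the report's process tree do.
TEMP_EXE_RE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\[^\\]+\.exe$", re.IGNORECASE
)


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    sha256: str


def parse_event(line: str) -> ProcEvent:
    """Parse one constructed, pipe-separated process-creation record.

    Field names mirror Sysmon Event ID 1 (Image, ProcessId, ParentProcessId,
    Hashes=SHA256=...); the pipe-separated layout is an assumption made for
    this example, not a real Sysmon export format.
    """
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    hashes = dict(h.split("=", 1) for h in fields["Hashes"].split(","))
    return ProcEvent(
        pid=int(fields["ProcessId"]),
        ppid=int(fields["ParentProcessId"]),
        image=fields["Image"],
        sha256=hashes.get("SHA256", "").lower(),
    )


def temp_spawn_chains(events: List[ProcEvent]) -> List[Tuple[int, int]]:
    """Return (parent_pid, child_pid) pairs where a Temp-resident EXE
    started another Temp-resident EXE."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for child in events:
        parent = by_pid.get(child.ppid)
        if parent is None:
            continue  # parent outside the log window; chain cannot be judged
        if TEMP_EXE_RE.search(parent.image) and TEMP_EXE_RE.search(child.image):
            hits.append((parent.pid, child.pid))
    return hits


def known_hash_hits(events: List[ProcEvent]) -> Dict[int, str]:
    """Map PID -> report file name for every process whose image hash is
    one of the report's SHA256 IoCs."""
    return {e.pid: REPORT_SHA256[e.sha256] for e in events if e.sha256 in REPORT_SHA256}


# Constructed sample log. PIDs 2772/2860 and the two real SHA256 values come
# from the report; the explorer.exe/notepad.exe rows and the filler hashes
# are invented so a benign parent and a benign sibling are exercised too.
SAMPLE_LOG = [
    r"Image=C:\Windows\explorer.exe|ProcessId=1500|ParentProcessId=800|Hashes=SHA256=" + "0" * 64,
    r"Image=C:\Users\Admin\AppData\Local\Temp\2024-10-02_10e20f05028008b7bdce7074ffbb13bb_cryptolocker.exe"
    r"|ProcessId=2772|ParentProcessId=1500"
    r"|Hashes=SHA256=F44AB3B6970EE69E0BE9764AE703DABA35592685399886C09443DE59FB876D6C",
    r"Image=C:\Users\Admin\AppData\Local\Temp\hurok.exe|ProcessId=2860|ParentProcessId=2772"
    r"|Hashes=SHA256=f4d9a30e685a5a4711dd06db91a75f7e5d5f5e4ed5a40df0552f426b03eac264",
    r"Image=C:\Windows\System32\notepad.exe|ProcessId=3000|ParentProcessId=1500|Hashes=SHA256=" + "1" * 64,
]

EVENTS = [parse_event(line) for line in SAMPLE_LOG]

if __name__ == "__main__":
    for parent, child in temp_spawn_chains(EVENTS):
        print(f"Temp->Temp spawn: PID {parent} started PID {child}")
    for pid, name in known_hash_hits(EVENTS).items():
        print(f"PID {pid}: image hash matches report entry {name}")
```

The hash comparison is case-insensitive because Sysmon emits uppercase hex while this report lists lowercase; the path check deliberately requires both parent and child to sit in Temp, since a Temp-resident child alone (installers, updaters) is too noisy on its own to page on.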

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\hurok.exe

    Filesize

    56KB

    MD5

    793da491f16386fc50742eaf863257a0

    SHA1

    f89db3514632a4e5358b57a8e837d9c3ccb34585

    SHA256

    f4d9a30e685a5a4711dd06db91a75f7e5d5f5e4ed5a40df0552f426b03eac264

    SHA512

    a9e7c3d5373587d83561da04d951bec688c72c4331e271339982bce62b83f3f02118076078a6578f69e1e933ff479788f443ab381f7367a4da492d393a57ca54

  • memory/2772-0-0x00000000001C0000-0x00000000001C6000-memory.dmp

    Filesize

    24KB

  • memory/2772-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

  • memory/2772-8-0x00000000001C0000-0x00000000001C6000-memory.dmp

    Filesize

    24KB

  • memory/2860-23-0x0000000000230000-0x0000000000236000-memory.dmp

    Filesize

    24KB