2fcbeb1c8d383538a8a86818597397d31a1de7eb3f7a89379b70aaef0874d0b6

Analysis

max time kernel
0s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 06:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-08_7b9a781bb7115f7cc2c344ae2edb6248_cryptolocker.exe
Size

34KB
MD5

7b9a781bb7115f7cc2c344ae2edb6248
SHA1

3de1b8818ad4c43564c8568faf2ba9d473f44b5c
SHA256

2fcbeb1c8d383538a8a86818597397d31a1de7eb3f7a89379b70aaef0874d0b6
SHA512

366b73d94b364e223c87c73c416ac70a31381a65b3f6f47016d327819149fa97dd9717a3f782fee121de062dc3e7bac6173bacef438aadc34551113566afd206
SSDEEP

384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4XDIwNiA0J55:btB9g/WItCSsAGjX7e9NQn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2312	gewos.exe

Loads dropped DLL 1 IoCs

pid	Process
2536	2024-01-08_7b9a781bb7115f7cc2c344ae2edb6248_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2536	2024-01-08_7b9a781bb7115f7cc2c344ae2edb6248_cryptolocker.exe
2312	gewos.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2312	2536	2024-01-08_7b9a781bb7115f7cc2c344ae2edb6248_cryptolocker.exe	13
PID 2536 wrote to memory of 2312	2536	2024-01-08_7b9a781bb7115f7cc2c344ae2edb6248_cryptolocker.exe	13
PID 2536 wrote to memory of 2312	2536	2024-01-08_7b9a781bb7115f7cc2c344ae2edb6248_cryptolocker.exe	13
PID 2536 wrote to memory of 2312	2536	2024-01-08_7b9a781bb7115f7cc2c344ae2edb6248_cryptolocker.exe	13

C:\Users\Admin\AppData\Local\Temp\gewos.exe
"C:\Users\Admin\AppData\Local\Temp\gewos.exe"
1⤵
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2312

C:\Users\Admin\AppData\Local\Temp\2024-01-08_7b9a781bb7115f7cc2c344ae2edb6248_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-08_7b9a781bb7115f7cc2c344ae2edb6248_cryptolocker.exe"
1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\gewos.exe

Filesize
1KB

MD5
1ffdf8bd0df2c83e643b24119fae6293

SHA1
e0ee93beef1c7ea672941315e95abbbc5496c617

SHA256
fa64153b9da7b556d4068e34e73be1b0712dacfd6695f3752caffea5ecddc50c

SHA512
f222779099a9b795ad38e2aea63f702b389b347a4d99ca045aec7ef1803d4c2b0ad727f5a1ad6ad522ad358c101773a72db7aec0c342319cb75c6eed553fef56

Download Submit
\Users\Admin\AppData\Local\Temp\gewos.exe

Filesize
9KB

MD5
ceb46fd2112fc02d26deea747f34fa2b

SHA1
814310e0645f87996c8806621ccaae236169ece1

SHA256
a945c1cdb3218c1729a2240ccc4cf043fc22e85ee6e8e0aa14b6b67aa4fd468c

SHA512
bc3054d0564dfb29dde7fdd78563df9fb635a18b1662b6613950a8d3dfd45a54ffe01e1aaf1ea0194490654aacc20d6aa0ec5765356cf3b455f89bda49ebee66

Download Submit
memory/2312-23-0x00000000003E0000-0x00000000003E6000-memory.dmp

Filesize
24KB

Download
memory/2536-1-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2536-8-0x0000000000310000-0x0000000000316000-memory.dmp

Filesize
24KB

Download
memory/2536-0-0x0000000000310000-0x0000000000316000-memory.dmp

Filesize
24KB

Download