c52987bb58a62755a4097b5e9adc6a75cb1262a5d961b4e729d2cea78486ac22

Analysis

max time kernel
0s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2024 06:46

Target

2024-01-08_afa7eb6263eef64f0c52658895fa0b02_cryptolocker.exe
Size

34KB
MD5

afa7eb6263eef64f0c52658895fa0b02
SHA1

ce440058b33e0988742d136b6635a2ec2a2ed705
SHA256

c52987bb58a62755a4097b5e9adc6a75cb1262a5d961b4e729d2cea78486ac22
SHA512

9601f0a0825441c659175e8ecbc04d05f9606e82fc0c3a786f320e63e8024b615ddc2c3c91799d3ae0502acf26aac2f364d327f0f22a1c58e173634f4c07bdf0
SSDEEP

384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4XDIwNiA0J5z:btB9g/WItCSsAGjX7e9NQt

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\2024-01-08_afa7eb6263eef64f0c52658895fa0b02_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-08_afa7eb6263eef64f0c52658895fa0b02_cryptolocker.exe"
1⤵
PID:672
- C:\Users\Admin\AppData\Local\Temp\gewos.exe
  "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
  2⤵
  PID:5840

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\gewos.exe

Filesize
34KB

MD5
5cd092b65f8577739061afd71c17a2c7

SHA1
8abf07a3f54a26418275e8aa897a65f069ee6227

SHA256
91e28850757a152ec019a87c605504958277b2437d631b33beb13f3715262577

SHA512
6e4d618e442ca93d453c10abffdf6418f49ab6269bc0aa8e3bcee2b08c59c4c2c31a8b6cc96aa61f12c95e5364966f1f8ffd88d7a4d67282ea53faa7c6101c6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\gewos.exe

Filesize
13KB

MD5
3bf4ec540702d4b049d457ba90345082

SHA1
34b516977a304d9a6fbca54439c80fc4d8269c93

SHA256
88e702998d2b8d0add209f9b3b05e631bd1510adfdcd8677d31c289f4769b815

SHA512
efa6bc8d612b826f3675d822fb3b3c2b9236685d5b9e6b0e1def3ad4981f6914853abe6177b7c736d80d2b6f81b0237970e1c85fc3a0fd3584d5f3e30bbc4df8

Download Submit
C:\Users\Admin\AppData\Local\Temp\gewos.exe

Filesize
1KB

MD5
1ffdf8bd0df2c83e643b24119fae6293

SHA1
e0ee93beef1c7ea672941315e95abbbc5496c617

SHA256
fa64153b9da7b556d4068e34e73be1b0712dacfd6695f3752caffea5ecddc50c

SHA512
f222779099a9b795ad38e2aea63f702b389b347a4d99ca045aec7ef1803d4c2b0ad727f5a1ad6ad522ad358c101773a72db7aec0c342319cb75c6eed553fef56

Download Submit
memory/672-1-0x0000000002350000-0x0000000002356000-memory.dmp

Filesize
24KB

Download
memory/672-2-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/672-0-0x0000000002350000-0x0000000002356000-memory.dmp

Filesize
24KB

Download
memory/5840-25-0x0000000002110000-0x0000000002116000-memory.dmp

Filesize
24KB

Download