b48514581431f3703bced0f177b56813e7e69a041f07ae420b0c9a75a58ddc6c

Analysis

max time kernel
0s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2024 06:47

Target

2024-01-08_c1380f186af90144d1f810beafda46d9_cryptolocker.exe
Size

35KB
MD5

c1380f186af90144d1f810beafda46d9
SHA1

1a2e277b355ac083c2166d3a625689801e832338
SHA256

b48514581431f3703bced0f177b56813e7e69a041f07ae420b0c9a75a58ddc6c
SHA512

21f716ade8c65e02093bda3ae231ba00f59123dac25f6c552e2776261b3c1177dc52b21094aaea23f3ac181759b7a239d20218bc589a108f8e9112eba5d4a445
SSDEEP

384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4XDIwNiA0J5AuNxL2:btB9g/WItCSsAGjX7e9NQt2

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\2024-01-08_c1380f186af90144d1f810beafda46d9_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-08_c1380f186af90144d1f810beafda46d9_cryptolocker.exe"
1⤵
PID:4812
- C:\Users\Admin\AppData\Local\Temp\gewos.exe
  "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
  2⤵
  PID:224

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\gewos.exe

Filesize
24KB

MD5
a4e10d94fef35bdde4e31d502d1ab0c9

SHA1
4c78c1160f43dfb68e5924f890795e52835077c3

SHA256
3755689bc29c423a99b6135f5dae4bf5e8b6e88aa6d8fd50390b78aa63f25679

SHA512
b33e629faf3a172a6adc6a6bb0afff159ab7e9f814ade518a3c9952a161af5baf6b934781ee0aa95a01184afab5700432a2d468baaae6d83bc06af24a15f884b

Download Submit
C:\Users\Admin\AppData\Local\Temp\gewos.exe

Filesize
9KB

MD5
4efe9b4aee0fd6b8323f008f432fbfb1

SHA1
9f0365900087b6a5d9a36881165a27c0d173083a

SHA256
ac942e06b44b4f1cbdb844e48985a923795ad7e00ee533a3fcf4a47eb666622f

SHA512
92cc2a609a6d2c8940ada141f55df50cb95c99709f0c3ca8c910509546f4578592a69dca53d105a34873fa960a37b98ef2d7d66323c148f57a30d759242559e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\gewos.exe

Filesize
35KB

MD5
03d4ecfe53de4b3ea2f3ce0c61552e47

SHA1
37c462c06657a1833240d5e368cbc291ff96747a

SHA256
8bcc7109e20382f860e8a8444ed26f89b720f576fdfbf422f500b3440ae4e0f2

SHA512
ab33bbe6cb18732c40117f12e34aafe66e56416a2f5cea931ac86b0684f89c22582cd79be80d18a62e4990cdb02ac35e25c0239495c4cf5cbc66979b8a8c7f61

Download Submit
memory/224-21-0x0000000002110000-0x0000000002116000-memory.dmp

Filesize
24KB

Download
memory/4812-0-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

Filesize
24KB

Download
memory/4812-2-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4812-1-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

Filesize
24KB

Download