Overview

overview

7

Static

static

3

2024-01-09...er.exe

windows7-x64

7

2024-01-09...er.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2024, 06:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-09_cbe73db63093ed2b487c7a0fdd521a9b_cryptolocker.exe

  • Size

    36KB

  • MD5

    cbe73db63093ed2b487c7a0fdd521a9b

  • SHA1

    bbefda87f95f99bb65d2c11289b834e281c99e06

  • SHA256

    622260be739345331bbfe6848afadc06c7f4aa9666f747f64e3fa55492d885fc

  • SHA512

    2b757355278ddefc531e47560f0b9836bb36581de6dc031e77cfed346c0b418d954eee7f6e41700a331efbc8e44889948acab1361e1985c8bb9894900106ff62

  • SSDEEP

    384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4XDIwNiJXxXunrkwc:btB9g/WItCSsAGjX7e9N0hunrkj

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-09_cbe73db63093ed2b487c7a0fdd521a9b_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-09_cbe73db63093ed2b487c7a0fdd521a9b_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1216
    • C:\Users\Admin\AppData\Local\Temp\gewos.exe
      "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2144

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\gewos.exe
    Filesize

    37KB

    MD5

    47d421cecbc52e4e4ecbc3d934e4e1e8

    SHA1

    6b3053b58c7b66fbb43f3c6bee159fa0dc0d616e

    SHA256

    538c2e526b58f4a96b46430c3f445154518be72da704d88759045c085f912022

    SHA512

    32b2a27f667c3fea88aec752df969be5044ce41e7522530325ac12ecacdd32ee2faf651773bf1960e2ea7f079e9182ad8f4476bc87a6ad6f4a56581d39d71a8e

    Download Submit

  • memory/1216-0-0x0000000000260000-0x0000000000266000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1216-2-0x0000000000260000-0x0000000000266000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1216-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2144-16-0x00000000003F0000-0x00000000003F6000-memory.dmp

    Filesize

    24KB

    Download