Analysis
-
max time kernel
121s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25-01-2024 17:28
General
-
Target
2024-01-25_551d348462912a2cfa84137fe5e59b77_cryptolocker.exe
-
Size
49KB
-
MD5
551d348462912a2cfa84137fe5e59b77
-
SHA1
a6c524bd7cbf523e86b61868fc23545e019fb29f
-
SHA256
6a394bdb01917d9ee7dcddc9bf20fc49a817dc3c145ad3cef9119b626161c2f4
-
SHA512
78ccdc6a7f5f1ad1dfc0859b350f3d2a19560b1b3a5b4be2dfc638ffa4ad2024d3c26ca56a502ace27f216cc637b7baee7bd9f492c4a07a364a27948e0494148
-
SSDEEP
768:btB9g/WItCSsAGjX7r3BPOMHoc/QQJP5wjvaHYwiqu:btB9g/xtCSKfxLIc/E1au
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of UnmapMainImage 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\gewos.exe"C:\Users\Admin\AppData\Local\Temp\gewos.exe"1⤵
- Executes dropped EXE
- Suspicious use of UnmapMainImage
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_551d348462912a2cfa84137fe5e59b77_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_551d348462912a2cfa84137fe5e59b77_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
49KB
MD5a44901e5a3aac6c2ff069d9a2a2375d3
SHA1a995b138836f5ac5006e9cf2f7c909c5820ed5a0
SHA2562a0d7a4e1f8a7049f247c65b06382b7122bbfe02430c0b0e935de53bebfa7378
SHA51210042041b75bff5c8685e3bcd3ba2d4580e74db87bba41dc6bac15f5a21fbedb23bc47307ee62722a5c2c33bde8b405d7977add5424a05647676784e2e4ae77b
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB