Analysis

  • max time kernel
    0s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-02-2024 03:01

General

  • Target

    2024-02-03_0be230b32121e069fcd01c63a70f8eec_cryptolocker.exe

  • Size

    59KB

  • MD5

    0be230b32121e069fcd01c63a70f8eec

  • SHA1

    e7e64febb2576a37dcfb212ac897b268132c178a

  • SHA256

    08442abb36249b91e1e321aad4635ab55c91c1b3380573611a5a5f167dfcfdf9

  • SHA512

    c4d0f5a3d5823690cee19ce3cda03831b5c9c44f1827046e4c3d538b5b67503772e23233f4e945b8c31f24e92536ba38e441e11bce41a119989a299fa7a169e7

  • SSDEEP

    1536:btB9g/xtCSKfxLIc//Xr+/AO/kIZ3ft2nVuTKB6nggOlHdUHN5:btng54SMLr+/AO/kIhfoKMHd+

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants (2 IoCs)
  • Checks computer location settings (2 TTPs, 1 IoCs)

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE (1 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-03_0be230b32121e069fcd01c63a70f8eec_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-03_0be230b32121e069fcd01c63a70f8eec_cryptolocker.exe"
    (process tree level 1)
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2956
    • C:\Users\Admin\AppData\Local\Temp\gewos.exe
      "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      (process tree level 2, child of PID 2956)
      • Executes dropped EXE
      PID:4424

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\gewos.exe

    Filesize

    60KB

    MD5

    c5c61a2ad5d3e63083ff5f27992fbe5f

    SHA1

    84923bece46ed1cb44429b3bbb21c25446ed29cd

    SHA256

    007641cca4cbddf067342484af7896a4fd60731bad590443c48a14d0344ac729

    SHA512

    f34fdaaed4c016498f1482332e17eb72cd020a97b025c4caa9dc4e85327c91baf811115724b11b3a57a912cd992bd957b512c72c31a57a51f8c11ba622964d55

  • C:\Users\Admin\AppData\Local\Temp\gewos.exe

    Filesize

    23KB

    MD5

    fa5d326e71746987d890c351d078193a

    SHA1

    aa9afb01d3bd37b03bbe8a660bea204c7931e414

    SHA256

    19aa739810d55c9a357528ec68bc1ed3410c87245485006363094b625a470915

    SHA512

    994508cdb66a64566f7ec6b1534fd29097e0b811c0a31917fe1e55a0d44bce5df561f92bc7215f26ede4510e44e811c2fe7afd9837a687494edc1f8419bf10df

  • memory/2956-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

  • memory/2956-1-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

    Filesize

    24KB

  • memory/2956-0-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

    Filesize

    24KB

  • memory/4424-20-0x0000000001FD0000-0x0000000001FD6000-memory.dmp

    Filesize

    24KB