Analysis
-
max time kernel
121s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
12/02/2024, 14:05
General
-
Target
2024-02-12_fba70ce59d790880a26714bcbe43bbe4_cryptolocker.exe
-
Size
34KB
-
MD5
fba70ce59d790880a26714bcbe43bbe4
-
SHA1
aa756201012668ace3d82f2b0bd0941006be7592
-
SHA256
76a3bbfba0469631fbf21b79d6349268083addd4710edd570807312049a9642f
-
SHA512
cb5edc3e564eb109db78f7e2fec15d5106c8b0c2961ed12f75cb5640759cae9009824e8cb176ca10242fafc7596236d158804803c7c83fd9296bb0d7e11a747f
-
SSDEEP
384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4XDIwNiA0f9HMn0s:btB9g/WItCSsAGjX7e9N8sP
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of UnmapMainImage 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-12_fba70ce59d790880a26714bcbe43bbe4_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-12_fba70ce59d790880a26714bcbe43bbe4_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\gewos.exe"C:\Users\Admin\AppData\Local\Temp\gewos.exe"2⤵
- Executes dropped EXE
- Suspicious use of UnmapMainImage
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
35KB
MD53f3ed12184bf036e0f1ae111bd616419
SHA1b3cba55845bf3ef77b0c8a984352e9e1b0d37352
SHA256f4a360cdc00fa55ecf18f349ed0c402ab841f03f97ee8b57e1710f3b75c3f029
SHA5128b103dfd4fb89ee5cf67497c74648cc5518579c9264ae4511b846d06b5f2d1136229c04b800cf84190dfb1e3d922a6e38d98cdd65076f1edc13e2d343f15efa7
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB