Overview

overview

10

Static

static

10

2024-02-23...er.exe

windows7-x64

9

2024-02-23...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23/02/2024, 16:56

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-23_fe5a92fb8ae0ea370591c0486e520088_cryptolocker.exe

  • Size

    60KB

  • MD5

    fe5a92fb8ae0ea370591c0486e520088

  • SHA1

    70709de510a007c67a879a76d0ee8ae81a976b56

  • SHA256

    be2872650d00e8c99b445615cfc75785c3a1a757d78f139ef28c02b8cf8eab97

  • SHA512

    7c1439ba8097656bba97c6620aa31b5c35cff2f12586801142a569bc5bd17c58b93881a8c6a562541e96a645826842a36c390ee37bbe842f7abd3abd196d84cf

  • SSDEEP

    1536:btB9g/xtCSKfxLIc//Xr+/AO/kIZ3ft2nVuTKB6nggOlHdUHNWZ:btng54SMLr+/AO/kIhfoKMHdf

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-23_fe5a92fb8ae0ea370591c0486e520088_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-23_fe5a92fb8ae0ea370591c0486e520088_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Users\Admin\AppData\Local\Temp\gewos.exe
      "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2056

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\gewos.exe
          Filesize

          61KB

          MD5

          6cf0ff338c3e8525b8d278508505f327

          SHA1

          aedd45ffe16efa7532fc5087030de788e00c96a8

          SHA256

          f8c62c465e9f18ef8bcd4ce16d817ed22055646a8b4f2688880a229c0b982e79

          SHA512

          ed68c3d43d91399fb49e287acd5baad69456b7befc44afd3553b219c932060d6e589a844c5a3c61fb6c4ffe9c005666b95e7a787609e15a68c8622d09f9f13c5

          Download Submit

        • memory/2020-0-0x0000000000270000-0x0000000000276000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2020-1-0x0000000000400000-0x0000000000406000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2020-4-0x0000000000270000-0x0000000000276000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2056-18-0x0000000000340000-0x0000000000346000-memory.dmp

          Filesize

          24KB

          Download