Overview

overview

10

Static

static

10

2024-02-25...er.exe

windows7-x64

9

2024-02-25...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/02/2024, 02:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-25_a791b39ef4640d6e8f1a01f2177f00d9_cryptolocker.exe

  • Size

    43KB

  • MD5

    a791b39ef4640d6e8f1a01f2177f00d9

  • SHA1

    46b523056a5892dce676015ea4c282943d493e6b

  • SHA256

    b9273927c2703c5c996f3bffb4617744f9dcdf9444e9bc5cf5c2c6ecc6c46e70

  • SHA512

    08af77a032f7d76ced2acf03a06b384be82e8930cab3c0366d8b36181a181fc98a778c5d94dfe2a015b1fb41a1e83b450f1e606fb5208eabecc542e0ccce8322

  • SSDEEP

    768:btB9g/WItCSsAGjX7r3BPOMHocM4vUUOmJ+96eg1le:btB9g/xtCSKfxLIcMzUw96De

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-25_a791b39ef4640d6e8f1a01f2177f00d9_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-25_a791b39ef4640d6e8f1a01f2177f00d9_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4080
    • C:\Users\Admin\AppData\Local\Temp\gewos.exe
      "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:3348

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\gewos.exe
          Filesize

          43KB

          MD5

          e8e9c0ef8c9d71c355eadc29d1ee6875

          SHA1

          92a82cbe38aff06a40b7ad0227b96107bdfb125a

          SHA256

          3867038411f68c941f6cb1c28555a4318408a6deaf328310c9724e842340828a

          SHA512

          75ac8304b767970990533bc1e9cc8dc87a94ce4caf39fdc3f33a79de4ff09c8488635bea3a53dbb3eb864e2d96d3afa27febba75538fc3b6a6e2f8ed20454288

          Download Submit

        • memory/3348-21-0x0000000000760000-0x0000000000766000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4080-0-0x0000000002E90000-0x0000000002E96000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4080-1-0x0000000002E90000-0x0000000002E96000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4080-2-0x0000000000400000-0x0000000000406000-memory.dmp

          Filesize

          24KB

          Download