Overview

overview

10

Static

static

10

2024-03-09...er.exe

windows7-x64

9

2024-03-09...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/03/2024, 01:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-09_cbe3e4de7fb3edb0316d55dd78fc4387_cryptolocker.exe

  • Size

    61KB

  • MD5

    cbe3e4de7fb3edb0316d55dd78fc4387

  • SHA1

    d197777702cec15b0efb78541e214d36004e9c96

  • SHA256

    413609e523abb8729871eb921e72f83fbd43b75e9ef32e0342551831fd248683

  • SHA512

    388841ced455ce4b40c82bec2980b03015869e7c2a2d94f736c863bb5b5f66b116e9ae8b4e3eeff33be28c22f3b5cfacb86fcc775e54c60de1b16d0847968476

  • SSDEEP

    1536:btB9g/xtCSKfxLIc//Xr+/AO/kIZ3ft2nVuTKB6nggOlHdUHJ:btng54SMLr+/AO/kIhfoKMHdY

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-09_cbe3e4de7fb3edb0316d55dd78fc4387_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-09_cbe3e4de7fb3edb0316d55dd78fc4387_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3428
    • C:\Users\Admin\AppData\Local\Temp\gewos.exe
      "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:4744
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4160 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1660

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\gewos.exe
      Filesize

      61KB

      MD5

      e5a6c0fd988066ff41150dbaa24d7887

      SHA1

      11f32432cb04b55c8b3696b77ecdf5994b8a0e6b

      SHA256

      ade769e019c17f2937f6c58754b3ea6f199ca93e20bfdc885e8fa561bdfcf5dd

      SHA512

      7496a495a324e493247178b71e06a3f9882abac52b341b6e110cc53435caa5cb8a9446ba935f49bccde4a344da744b6c72cf118d2567b5216dc36d5801d6bd61

      Download Submit

    • memory/3428-0-0x0000000002260000-0x0000000002266000-memory.dmp

      Filesize

      24KB

      Download

    • memory/3428-1-0x0000000002260000-0x0000000002266000-memory.dmp

      Filesize

      24KB

      Download

    • memory/3428-2-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

      Download

    • memory/4744-20-0x00000000005E0000-0x00000000005E6000-memory.dmp

      Filesize

      24KB

      Download