Overview

overview

10

Static

static

10

2024-04-26...er.exe

windows7-x64

9

2024-04-26...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    26-04-2024 23:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-26_6f631f859a50fe8b47429117b5c33a55_cryptolocker.exe

  • Size

    55KB

  • MD5

    6f631f859a50fe8b47429117b5c33a55

  • SHA1

    2a0db8a4d7500e0634730d8e0fd4dd974569322c

  • SHA256

    719d5088daf4d7653a10263470cd7680f3ac55664fff0884332f0382baef113e

  • SHA512

    44e939658f3dbf48debea8b337c7fdac4a4b572096fc56da50007f247a53dc6574da7c779c915d21c7765b3d88ba570bb0bf7fb5a7f85849380c596176c05ae4

  • SSDEEP

    768:bP9g/WItCSsAfFaeOcfXVr3BPOz5CFBmNuFgUjl+Sh:bP9g/xtCS3Dxx0JSh

Score
9/10
upx

Malware Config

Signatures

  • Detection of CryptoLocker Variants 3 IoCs
  • UPX dump on OEP (original entry point) 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-26_6f631f859a50fe8b47429117b5c33a55_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-26_6f631f859a50fe8b47429117b5c33a55_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1392
    • C:\Users\Admin\AppData\Local\Temp\gewos.exe
      "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1860

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\gewos.exe
    Filesize

    56KB

    MD5

    d4f7d9512d55d0ceedfee5db1cf4da6b

    SHA1

    29d56be8c483bb4592fb21f8e3ac1eed5318dc40

    SHA256

    8221eef329b138892e661886b00e390bea7123a95d78a4f96ac4e2f3cd3bbc16

    SHA512

    c6a2bdb85a6e540b8820c440e038f39da1a2b23dedaba42bb943f0b042d7b2bcba55d0f0c94c091fe33d2da4cf8d20f84504aac9ed42955d8d33a11eb28bf3bb

    Download Submit
  • memory/1392-0-0x0000000000400000-0x000000000040E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1392-9-0x0000000000370000-0x0000000000376000-memory.dmp
    Filesize

    24KB

    Download
  • memory/1392-2-0x0000000000400000-0x0000000000406000-memory.dmp
    Filesize

    24KB

    Download
  • memory/1392-1-0x0000000000370000-0x0000000000376000-memory.dmp
    Filesize

    24KB

    Download
  • memory/1860-16-0x0000000000400000-0x000000000040E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1860-25-0x00000000003E0000-0x00000000003E6000-memory.dmp
    Filesize

    24KB

    Download