Overview

overview

10

Static

static

10

2024-05-11...er.exe

windows7-x64

9

2024-05-11...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    12/05/2024, 21:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-11_2ecc6fa049493adcd984f67ce7063174_cryptolocker.exe

  • Size

    39KB

  • MD5

    2ecc6fa049493adcd984f67ce7063174

  • SHA1

    5627a5026a820e11b8e0bbc5bfe5ee82d38315e7

  • SHA256

    53aa3ff53ccb472b73cced1091a0b9284c5d7b7c3149bf03d7bb32f543a0cbc1

  • SHA512

    718c9080ae456a94ccfd9d2850225d33e3489aa045a3c4c72dc16a3db7a1145f09b47f517eaab11075b558cc31e1360ca27f3b6236d9eb2607d62d9fc5f72c6c

  • SSDEEP

    384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4XDIwNiJXxXunRSyHmYvV8In:btB9g/WItCSsAGjX7e9N0hunRvGIV8In

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-11_2ecc6fa049493adcd984f67ce7063174_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-11_2ecc6fa049493adcd984f67ce7063174_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2592
    • C:\Users\Admin\AppData\Local\Temp\gewos.exe
      "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2936

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\gewos.exe
    Filesize

    39KB

    MD5

    cdc6c79a0a6bcc84830571712f59ee67

    SHA1

    96b5c4b843dfd15e00045c37d1db618296f59e22

    SHA256

    b3051f9fc18166c1350d2374eeeb53a6d2f3ee93e442d8e677114829740c5e9e

    SHA512

    6666939433805153e534f002c6581d9354ed98cbe17b6e786d772cb1c0928709e8f9ab61f1460d1e73233eb8498915c4d16aeafe537c16a5099d7f182c72cadb

    Download Submit

  • memory/2592-0-0x00000000003E0000-0x00000000003E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2592-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2592-8-0x00000000003E0000-0x00000000003E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2936-23-0x0000000000310000-0x0000000000316000-memory.dmp

    Filesize

    24KB

    Download