Overview

overview

10

Static

static

10

2024-05-22...er.exe

windows7-x64

9

2024-05-22...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 01:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-22_402001e07a8802c8b88aaf312682880d_cryptolocker.exe

  • Size

    62KB

  • MD5

    402001e07a8802c8b88aaf312682880d

  • SHA1

    a93faad54ab27c00f8a80318d63663bca07301a4

  • SHA256

    4231600615c075ed2be2c0c1e3740da4d5b01daa8219dd7d6d19b6a969763ae3

  • SHA512

    e5dd83f9d002a5c6719dfe3fdc4dab226879ba1cd6de9c01e85abad71fcbb47a0f5d594acbe17daf4afa13ae201f5570041e10b6853003d86da5df73d60e86d7

  • SSDEEP

    1536:btB9g/xtCSKfxLIc//Xr+/AO/kIZ3ft2nVuTKB6nggOlHdUHZnF7HN:btng54SMLr+/AO/kIhfoKMHdaj

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-22_402001e07a8802c8b88aaf312682880d_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-22_402001e07a8802c8b88aaf312682880d_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Users\Admin\AppData\Local\Temp\gewos.exe
      "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2176

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\gewos.exe
    Filesize

    63KB

    MD5

    e1bc0eba6ef9f1eccbd01ed5ad4d4f5e

    SHA1

    796e3b87400d7a1fb91ea5a85ea3481f6b8359a0

    SHA256

    f15503118f66f194ba1f59ddb5552a9f4c257b6861fa7ae4be7e8cc5716ca26b

    SHA512

    e076a0398000341d91b08181afbc2929e2c36fe0acd436034421be164dbcfd85a08755ff146992b441a16a69a11058b6cde40b1f7efaa0c6b0bafd7334ecce20

    Download Submit

  • memory/2176-23-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2192-0-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2192-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2192-8-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

    Download