Overview

overview

10

Static

static

10

2024-05-22...er.exe

windows7-x64

9

2024-05-22...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 02:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-22_855d7123fb5d9f5122b0f336b4385a91_cryptolocker.exe

  • Size

    39KB

  • MD5

    855d7123fb5d9f5122b0f336b4385a91

  • SHA1

    c2d8c5802819f0e40b47d9ecbf5041ecf3c15acc

  • SHA256

    dd3e3d88e11ace4e1db0c57fa2e2db9e9e7975d5545d882b8bb4dab06a6f00f9

  • SHA512

    dfd68409bc5dd740f2277813c93536e84dfd4c1a6494292dbe110cede9fb772f17eda72a82d105eb208d935d53fa6c1ecc0fef1261ba8b335b16b6620e125320

  • SSDEEP

    384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4XDIwNiJXxXunRSyHmYvV82:btB9g/WItCSsAGjX7e9N0hunRvGIV82

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-22_855d7123fb5d9f5122b0f336b4385a91_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-22_855d7123fb5d9f5122b0f336b4385a91_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2420
    • C:\Users\Admin\AppData\Local\Temp\gewos.exe
      "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3040

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\gewos.exe
    Filesize

    39KB

    MD5

    74cb50eaf7e7c4d6159f8f572dcc3b2a

    SHA1

    471296a20f616e959f8b3d8829f12785a2c45621

    SHA256

    39829cdd21407927cd69c9a82e56aa1eac669583f37e80bb3b4d32de3c3fb8be

    SHA512

    acaad96dc7062050b8bdfc38d0709c62a06a75e2a2564cbe8b0fffac2f10ed6b23ce6ce056a0a6ffea3f5b580b1687e1aef51eaee97b2ead0d2aaf04c7c78f2a

    Download Submit

  • memory/2420-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2420-0-0x0000000000310000-0x0000000000316000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2420-8-0x0000000000310000-0x0000000000316000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3040-23-0x00000000003D0000-0x00000000003D6000-memory.dmp

    Filesize

    24KB

    Download