Overview

overview

10

Static

static

10

2024-05-23...er.exe

windows7-x64

9

2024-05-23...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 02:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-23_585ac44aeff6f32486739fe3a57bd067_cryptolocker.exe

  • Size

    36KB

  • MD5

    585ac44aeff6f32486739fe3a57bd067

  • SHA1

    0d3397fddf2803f3ab35f1469e1c0271c6c9b906

  • SHA256

    2b899a12cbd95a19c545d4a48dc60402c1d257065f796567a37b3be1de934db3

  • SHA512

    50775a49f990dcf3974aebdb15bd319f454525a7a9a652ccea72c46cf56738608aea3ba53242152c26ede690142d52b5d529bb69889d008b1c238de5227150f8

  • SSDEEP

    384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4l8tFFxE2B0qvoLUZ61V/:btB9g/WItCSsAGjX7r3BTmUQ1V/

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-23_585ac44aeff6f32486739fe3a57bd067_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-23_585ac44aeff6f32486739fe3a57bd067_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Users\Admin\AppData\Local\Temp\gewos.exe
      "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\gewos.exe
    Filesize

    37KB

    MD5

    49249c263d411ff41ecc5498423c6dd7

    SHA1

    85251c811aeb1caac0b9498163f697b7129d6e4d

    SHA256

    d8b5c3d80dd029a49e6c03d3d835d15fd26cb0518f3652e1e26900708f344451

    SHA512

    c78726ed776062ce84ae776f6d9cd589c5763812b5e14e73906ae53516307273a75a6973fc6d70aa018bf14799039696abf7f18c28c3e27cafc4628cfc421ebc

    Download Submit

  • memory/1968-0-0x00000000003E0000-0x00000000003E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1968-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1968-8-0x00000000003E0000-0x00000000003E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3028-23-0x00000000005B0000-0x00000000005B6000-memory.dmp

    Filesize

    24KB

    Download