Overview

overview

10

Static

static

10

2024-06-05...er.exe

windows7-x64

9

2024-06-05...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/06/2024, 03:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-05_7bb9e8d3c885014234e2b3adf71ec110_cryptolocker.exe

  • Size

    39KB

  • MD5

    7bb9e8d3c885014234e2b3adf71ec110

  • SHA1

    2e21e82f036d2e714a27fb7bbe0be9ce5b691020

  • SHA256

    43f0e7871ad07a4fbc671955ef8a5078426604b27d786ec00b1b491b5ae74f22

  • SHA512

    f9ac183102795506e3ab6e5050749f3836e9d559d79ecf520f2bd2af26188e11c86f4cc03cf51ad56553f7281740773925bd0a9e87d25bae6bec38c32751004a

  • SSDEEP

    384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4XDIwNiJXxXunRSyHmYvV8ZL:btB9g/WItCSsAGjX7e9N0hunRvGIV8ZL

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-05_7bb9e8d3c885014234e2b3adf71ec110_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-05_7bb9e8d3c885014234e2b3adf71ec110_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1860
    • C:\Users\Admin\AppData\Local\Temp\gewos.exe
      "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      2⤵
      • Executes dropped EXE
      PID:3292

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\gewos.exe
          Filesize

          39KB

          MD5

          087279f7ee1d94fe094d59b7ddb2d62c

          SHA1

          dac0313481cc4f55e09a921c7b28eb18d47a9972

          SHA256

          9d4cac3ac62572c11f72ff924bf8338b59d4a9fe814180ee9a0f708d21d3468b

          SHA512

          fdaf634b2372f6246807c992ff9f1e265a91758fb0566800d8b0d00aa3390f2c609063a54296fbc2653193fcb4e9dd378b8336636d860d02aaaed71c8ebb823a

          Download Submit

        • memory/1860-0-0x0000000002210000-0x0000000002216000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1860-1-0x0000000000400000-0x0000000000406000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1860-8-0x0000000002210000-0x0000000002216000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3292-25-0x0000000002100000-0x0000000002106000-memory.dmp

          Filesize

          24KB

          Download