Overview

overview

7

Static

static

3

2024-09-19...er.exe

windows7-x64

7

2024-09-19...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    32s
  • max time network
    110s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 03:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-09-19_cda658974c5cadf4a833c739b188da56_cryptolocker.exe

  • Size

    41KB

  • MD5

    cda658974c5cadf4a833c739b188da56

  • SHA1

    49f17f2bfeb3439a47ca9318875a0ca9efe17632

  • SHA256

    8e238671fa8ec435e379d5aa8759d1decb8b1b8aa4f63fbd665e8c66d6b50dc0

  • SHA512

    27ea4bac53fdb3eaba91ad30cbf581554fcda20d43d4cffb194c1c7cee9ea0808a1ec46209755fa2c16b700b4ed05f184bf0b02bcae4b94bb3d52d83ba5e18ce

  • SSDEEP

    384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4l8tFFxE2B94IOMHo3sxP1Tx:btB9g/WItCSsAGjX7r3BPOMHoc/QQJPH

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-19_cda658974c5cadf4a833c739b188da56_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-19_cda658974c5cadf4a833c739b188da56_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Users\Admin\AppData\Local\Temp\gewos.exe
      "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of UnmapMainImage
      PID:2760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\gewos.exe
    Filesize

    42KB

    MD5

    b001ce43d5c607f9dff54f36be844241

    SHA1

    46fb8b72a6c1f3416f4143fc319e375a70f1c9d3

    SHA256

    2c9f24f3c5535a6db2dbf8a39b5232d113e7dc47c05566a7c24eec30791e90db

    SHA512

    f30b3733d514ac34bf224d953b46952a3243f006ac0901eef2367ea1d78ad5e12b6a0cd472ac7e255234eaa07ab7a12607e4d823ac33755c3ba6a5516e297adb

    Download Submit

  • memory/2104-0-0x00000000001F0000-0x00000000001F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2104-8-0x00000000001F0000-0x00000000001F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2104-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2760-23-0x0000000000260000-0x0000000000266000-memory.dmp

    Filesize

    24KB

    Download