Overview

overview

7

Static

static

3

2024-09-28...er.exe

windows7-x64

7

2024-09-28...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    28/09/2024, 20:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-09-28_c74d67310f5290ee2a8af1396c039777_cryptolocker.exe

  • Size

    33KB

  • MD5

    c74d67310f5290ee2a8af1396c039777

  • SHA1

    003db44d8bb1500f4a8849ce8ea5823124f04e3c

  • SHA256

    aa4dbaafd52c01fb8392f6ac98ca00b04d3004f7f12a1af4c636becd29bac136

  • SHA512

    04e55097d53ae5cc8fbc238c331ab9ef571e2acc905035766a666244aca031c50bbaa5e9e5bf20d0a2a34f157e40caf49006be56512bdd408e0246261f0ed872

  • SSDEEP

    384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4XDIwNiA0f91:btB9g/WItCSsAGjX7e9N81

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-28_c74d67310f5290ee2a8af1396c039777_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-28_c74d67310f5290ee2a8af1396c039777_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2960
    • C:\Users\Admin\AppData\Local\Temp\gewos.exe
      "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of UnmapMainImage
      PID:2432

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\gewos.exe
          Filesize

          33KB

          MD5

          e395503d853add5bfb8632a4d4d8eb11

          SHA1

          f29125c7dbf441a5fd8bc120519459a9639cd664

          SHA256

          9a9d55e5b9614191da4fc664b333675f2c03da3340d1476bd1812021f96d1876

          SHA512

          da19a6f0d849abea0b47d927a02da09bbd26f7047b31e2201d2cc4584aabbc789661bd80c28a253ef81f77c55d8138ffcb7e3de0e3f4bb19e09f2617f915c79c

          Download Submit

        • memory/2432-16-0x0000000000310000-0x0000000000316000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2960-0-0x0000000000280000-0x0000000000286000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2960-7-0x0000000000280000-0x0000000000286000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2960-1-0x0000000000400000-0x0000000000406000-memory.dmp

          Filesize

          24KB

          Download