Analysis

  • max time kernel
    132s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12-10-2024 03:06

General

  • Target

    2024-10-12_b1954077fdbe19cd082369851d08bc2e_cryptolocker.exe

  • Size

    36KB

  • MD5

    b1954077fdbe19cd082369851d08bc2e

  • SHA1

    36611b1b7c80329b34c4aa03055848dd7dcba7c4

  • SHA256

    7262eadd35370b14fd1990e3c05583288725059541a04f3c8be5dcfa940821bf

  • SHA512

    8e8e430789d43a4504ace0b1382c22e0190564b50fd14b36c6e2cc2abac0be82f80544bb4c466d19d15f8d6f044d45bc4d9988abdb5628ea623a23502b4068cc

  • SSDEEP

    384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4l8tFFxE2BodcAOjbQ36ttTa:btB9g/WItCSsAGjX7r3BGub8V

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-12_b1954077fdbe19cd082369851d08bc2e_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-12_b1954077fdbe19cd082369851d08bc2e_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1484
    • C:\Users\Admin\AppData\Local\Temp\gewos.exe
      "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of UnmapMainImage
      PID:2304

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\gewos.exe

    Filesize

    36KB

    MD5

    552554e3d0f162ed9d7e4bfb14786758

    SHA1

    6443ea175a7d14b9c1b545d1a07656e3cfd6da8b

    SHA256

    ca30ad493ff5fca4a17e7d376922a6f91ed4faf6d3275c9937f9a2f8330547cd

    SHA512

    3defd9d7d6c31a2c46b86536f7e98313935909b9f090515ce4c33bf84766c89d1a863b7a1195f4a5687cd4e569a08ffd564270464ab9d157f97bebb44ce667da

  • memory/1484-0-0x00000000003C0000-0x00000000003C6000-memory.dmp

    Filesize

    24KB

  • memory/1484-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

  • memory/1484-8-0x00000000003C0000-0x00000000003C6000-memory.dmp

    Filesize

    24KB

  • memory/2304-23-0x0000000000210000-0x0000000000216000-memory.dmp

    Filesize

    24KB