Overview

overview

7

Static

static

3

2024-10-13...er.exe

windows7-x64

7

2024-10-13...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/10/2024, 02:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-10-13_f77f4bb0e12f518b7ce92144d872f24e_cryptolocker.exe

  • Size

    40KB

  • MD5

    f77f4bb0e12f518b7ce92144d872f24e

  • SHA1

    62059d2e8e4cddf51c095011ca885d7a06d059ee

  • SHA256

    4d9be9b1f59c08899d7f0a72be769e7884d60d1ab65bf6368507778712477504

  • SHA512

    a7433f7cf375c33c6d4eff5f7f9f9e7ead8219d25d3422737e39e5a578669a2b85e72d415cc461b48a8669196374b23541a5e2f2ce6df86ef7418c8c77d798f2

  • SSDEEP

    768:btB9g/WItCSsAGjX7r3BPOMHocM4vUUOmJ+ms:btB9g/xtCSKfxLIcMzUwf

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-13_f77f4bb0e12f518b7ce92144d872f24e_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-13_f77f4bb0e12f518b7ce92144d872f24e_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3896
    • C:\Users\Admin\AppData\Local\Temp\gewos.exe
      "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:320

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\gewos.exe
          Filesize

          40KB

          MD5

          14134b19e6ec37c053cdf5d3806a8627

          SHA1

          8c6ac161584272ef38dadac21076c125fafbc1b6

          SHA256

          6c4f0b44d0b9005459b50086021a27abd69df4d948d17e926bd3fb6bf99b6472

          SHA512

          750a84ae99a062c9512cfa28efe996ae6658352746f61fab0f6156899a1ce93d52b77a639a3078b99b33e48a81d732736c1e44e806de04c796efb117cf7cd64b

          Download Submit

        • memory/320-25-0x0000000002210000-0x0000000002216000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3896-0-0x00000000021D0000-0x00000000021D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3896-1-0x00000000021D0000-0x00000000021D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3896-2-0x0000000000400000-0x0000000000406000-memory.dmp

          Filesize

          24KB

          Download