Overview

overview

7

Static

static

5

2024-11-19...er.exe

windows7-x64

7

2024-11-19...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/11/2024, 18:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-11-19_9c43144ec94589a46b18e9ae1b3df5c1_cryptolocker.exe

  • Size

    58KB

  • MD5

    9c43144ec94589a46b18e9ae1b3df5c1

  • SHA1

    a2b46c9f15324abbf12ffa5452a1aa0f8959d92b

  • SHA256

    36e665ed39eb998c8a9b34e3d75b93cfeecdb0781b7fcc1f807bc23a8055b940

  • SHA512

    90aedce010c0100a062ca97f43539c4e47528ee621be03884dd69bba317c8446d324a406fb0279d99ad1163ffdc80daa2f516b8242c29a306c147c96546e164f

  • SSDEEP

    768:bP9g/WItCSsAfFaeOcfXVr3BPOz5CFBmNuFgUjlY8:bP9g/xtCS3Dxx0L8

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-19_9c43144ec94589a46b18e9ae1b3df5c1_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-19_9c43144ec94589a46b18e9ae1b3df5c1_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Users\Admin\AppData\Local\Temp\gewos.exe
      "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of UnmapMainImage
      PID:2820

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\gewos.exe
    Filesize

    58KB

    MD5

    2cdc45b00dd89dbc2d3a26413c577253

    SHA1

    b8948fafc5a87f07fa42ca591228280bdd4be79a

    SHA256

    304693e862f702bf863e9f316702b6633275bc78cee8bacdc8b18081d1abb166

    SHA512

    3b39a74afdcc0f0adde50a8c29fd3179f1ed6ef6dea3e3668a055572f8068f040fdc276a19519d969761bad1a329115d7ef1c9046ca8e8245ba346de2866d7d0

    Download Submit

  • memory/2672-1-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2672-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2672-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2672-9-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2820-17-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download