Analysis
max time kernel: 121s
max time network: 126s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 25/02/2024, 03:49
Static task: static1
Behavioral task: behavioral1
  Sample: c4960b7a7183e5f21cffa697d7ef33e7.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: c4960b7a7183e5f21cffa697d7ef33e7.exe
  Resource: win10v2004-20240221-en
General
Target: c4960b7a7183e5f21cffa697d7ef33e7.exe
Size: 60KB
MD5: c4960b7a7183e5f21cffa697d7ef33e7
SHA1: b635a6855e9bb803817b3a35210f0170f9a63f79
SHA256: f75e2eb30ae3444f7a6ccdf3984ee59a6f2ebe0058e85dffe9a8e80f62321357
SHA512: fca814338e174983a8bfaedfcba4d5051855cc855456d5b64180cc07a54e8916041a63b64e3a12a2fce3148dc9f5def28fed1f197d003717fc37b32573857b9f
SSDEEP: 1536:btB9g/xtCSKfxLIc//Xr+/AO/kIZ3ft2nVuTKB6nggOlHdUHzA:btng54SMLr+/AO/kIhfoKMHdt
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
  pid   Process
  2484  gewos.exe
Loads dropped DLL (1 IoCs)
  pid   Process
  2068  c4960b7a7183e5f21cffa697d7ef33e7.exe
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  2068  c4960b7a7183e5f21cffa697d7ef33e7.exe
  2484  gewos.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                                procid_target
  PID 2068 wrote to memory of 2484   2068  c4960b7a7183e5f21cffa697d7ef33e7.exe   28
  PID 2068 wrote to memory of 2484   2068  c4960b7a7183e5f21cffa697d7ef33e7.exe   28
  PID 2068 wrote to memory of 2484   2068  c4960b7a7183e5f21cffa697d7ef33e7.exe   28
  PID 2068 wrote to memory of 2484   2068  c4960b7a7183e5f21cffa697d7ef33e7.exe   28
Processes
C:\Users\Admin\AppData\Local\Temp\c4960b7a7183e5f21cffa697d7ef33e7.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c4960b7a7183e5f21cffa697d7ef33e7.exe"
  PID: 2068
  - Loads dropped DLL
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\gewos.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
    PID: 2484
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 60KB
MD5: 21e466b1c2496841f18d460d9558d5f6
SHA1: 7079c50553394f9c3c18705fbd4ea689c6179dbe
SHA256: 8838ed78e5234dce6876df3be0a9e45cf00f80c5be8b0e08ef512779a174795c
SHA512: 6006844723230571552957b84aabb8df68da61ed4c3f663e8822a3712d318bd1e5b72c9400ed31568c0c36c42c68e21286d397edf0e6cfebab961dc639628484