f75e2eb30ae3444f7a6ccdf3984ee59a6f2ebe0058e85dffe9a8e80f62321357

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c4960b7a7183e5f21cffa697d7ef33e7.exe
Size

60KB
MD5

c4960b7a7183e5f21cffa697d7ef33e7
SHA1

b635a6855e9bb803817b3a35210f0170f9a63f79
SHA256

f75e2eb30ae3444f7a6ccdf3984ee59a6f2ebe0058e85dffe9a8e80f62321357
SHA512

fca814338e174983a8bfaedfcba4d5051855cc855456d5b64180cc07a54e8916041a63b64e3a12a2fce3148dc9f5def28fed1f197d003717fc37b32573857b9f
SSDEEP

1536:btB9g/xtCSKfxLIc//Xr+/AO/kIZ3ft2nVuTKB6nggOlHdUHzA:btng54SMLr+/AO/kIhfoKMHdt

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2484	gewos.exe

Loads dropped DLL 1 IoCs

pid	Process
2068	c4960b7a7183e5f21cffa697d7ef33e7.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2068	c4960b7a7183e5f21cffa697d7ef33e7.exe
2484	gewos.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2484	2068	c4960b7a7183e5f21cffa697d7ef33e7.exe	28
PID 2068 wrote to memory of 2484	2068	c4960b7a7183e5f21cffa697d7ef33e7.exe	28
PID 2068 wrote to memory of 2484	2068	c4960b7a7183e5f21cffa697d7ef33e7.exe	28
PID 2068 wrote to memory of 2484	2068	c4960b7a7183e5f21cffa697d7ef33e7.exe	28

C:\Users\Admin\AppData\Local\Temp\c4960b7a7183e5f21cffa697d7ef33e7.exe
"C:\Users\Admin\AppData\Local\Temp\c4960b7a7183e5f21cffa697d7ef33e7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Users\Admin\AppData\Local\Temp\gewos.exe
  "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\gewos.exe

Filesize
60KB

MD5
21e466b1c2496841f18d460d9558d5f6

SHA1
7079c50553394f9c3c18705fbd4ea689c6179dbe

SHA256
8838ed78e5234dce6876df3be0a9e45cf00f80c5be8b0e08ef512779a174795c

SHA512
6006844723230571552957b84aabb8df68da61ed4c3f663e8822a3712d318bd1e5b72c9400ed31568c0c36c42c68e21286d397edf0e6cfebab961dc639628484

Download Submit
memory/2068-0-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/2068-2-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2068-1-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/2484-23-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download