5cef45602b843003d06ee762499e1606134be8ce6567e046961863cbc96e9c72

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 18:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nuwo.exe
Size

5.6MB
MD5

013ea4a21aaca3ed7996813e64aa7bba
SHA1

d0014c7dee9b7ebd81ffc393dd959108763d8d10
SHA256

5cef45602b843003d06ee762499e1606134be8ce6567e046961863cbc96e9c72
SHA512

1244bb7d70665279419cd9b1a74beafab30a6cc84740248c00dec4c19d58148324e83df594f70f1818fa2edb1afa6acbc42155bb4ea860c56de9a0084d483b71
SSDEEP

98304:untKXczyJxK1GHWjOjFgFXHYSxTpirSHcUR4iRr2ZF9yoeb3/2JlI9P5QQR:untO7K1MkOjmFXRxtYSHdKiRr2RN8yOX

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2556	Nuwo.exe
2556	Nuwo.exe
2556	Nuwo.exe
2556	Nuwo.exe
2556	Nuwo.exe
2556	Nuwo.exe
2556	Nuwo.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0005000000019433-80.dat	upx
behavioral1/memory/2556-82-0x000007FEF5E50000-0x000007FEF62B6000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2556	2032	Nuwo.exe	29
PID 2032 wrote to memory of 2556	2032	Nuwo.exe	29
PID 2032 wrote to memory of 2556	2032	Nuwo.exe	29

C:\Users\Admin\AppData\Local\Temp\Nuwo.exe
"C:\Users\Admin\AppData\Local\Temp\Nuwo.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Users\Admin\AppData\Local\Temp\Nuwo.exe
  "C:\Users\Admin\AppData\Local\Temp\Nuwo.exe"
  2⤵
  - Loads dropped DLL
  PID:2556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI20322\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
309ff152e830995a7978da8b20ebb318

SHA1
7daaf752d511b0fdae74008a5d0808f51553f21e

SHA256
940a9a02e564e2ce13280b78f4aa7b794b97685830edf2be3fbb0aecfdee707d

SHA512
565ea894214b88ea1a50779a1f36db2cbeb0aaf77a24d92b3d66c1ddab2dc57876205aa02721f79d3d4d01012df7347b62f4b8504f65915e07170b6901a7679c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20322\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
1e10f8ae883cdf8fc5fe166e61bd4c45

SHA1
5bc3de1f03674a32b309869a5f1b48d89790ff40

SHA256
e9e0a414c092ac237ee2c0e5f167efe9ff5e62314a5eb529011f85bdf7c0b2b7

SHA512
2ab555986a57f7fda8e284d472d1c1ca583e2415b6e9deccb0f1b0c72ce81fcddb1c733dc0b8f9d0f3ab8eae21864080c9091202ff99655534019b28a3ea866a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20322\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
d13d82a9f3a0ee74f5c778ea50de9d4b

SHA1
afbf2470f0d46caf56f792ee10f6e86d58fc1aef

SHA256
139594138f923f34192b84edd810a6292eeb880e7797aeb3b9f22e69613426cf

SHA512
8544c73b9fb957ce0af9c112e0e06f3548525995d242098bf54c6d9e1a9822b1687bb5c32f85a7496632bfcabd4982ad8d573d74e1dc500c51cbd51558f8d6ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20322\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
e105a7a95c3446b76a521c741ab03d1b

SHA1
b8371e3d938daca45bfd7ef2101e6fabd0e2450d

SHA256
a2947ba9d0c5510a62f685c839990cbe4ec43e2c7b38e20938420b562229090f

SHA512
10d4ed9e7a47d21bf04bb6c3b181e66528755601b1b748d2c23c20c9543f18e2cc2e87e133db5569b19d04748356891159ba210c1e3e719bb6dafce054a7c55a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20322\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
e27aa1ee2a6b5aa8d746ceed7095fdaf

SHA1
e7bc272932c30c494e672bc2871bbc26d2c758b6

SHA256
31e96eaf08a5dad4afe4304c97d18aefdfdc22c444c9f67be272f8e6282aa76a

SHA512
4c075c2ebab277480a05108588155d6f669c32d0bffd4264bc4d316fbaee613f940ffe4432ff906346f4290c5e379c7449a989c932834aed4c3f972d905b59e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20322\python310.dll

Filesize
1.4MB

MD5
08812511e94ad9859492a8d19cafa63e

SHA1
492b9fefb9cc5c7f80681ebfa373d48b3a600747

SHA256
9742af9d1154293fa4c4fc50352430c22d56e8cdc99202c78533af182d96489c

SHA512
6f7e41f4e2f893841329ac62315809a59a8d01ca047cb5739eb7ac1294afd4de2754549f7b1f5f9affa3397e9de379c5f6396844fc4fab9328362566225ddb8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20322\ucrtbase.dll

Filesize
987KB

MD5
28647d8fb402416cb1c986894d849c50

SHA1
bf0eaa587001214a4d6e6876b8adfcb49254450b

SHA256
b3591e2ba725934a1a659882444b85b186da44d2dddaba3b66587dd3f97364ab

SHA512
689346b9d9fa2f93a5d50af15eee9cc18ee819c00986dabbdd102126556466adecc412a8c539a8d22239cddccc1c3d3dd5783dff047f593bfd7be761c0ab9b12

Download Submit
memory/2556-82-0x000007FEF5E50000-0x000007FEF62B6000-memory.dmp

Filesize
4.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads