Analysis
max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags
arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted
26/05/2024, 03:49
Static task
static1
Behavioral task
behavioral1
Sample
8a3c53bf3d82326a58eb191b8036f00ea1892da34311195f7daa0b81301a049b.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
8a3c53bf3d82326a58eb191b8036f00ea1892da34311195f7daa0b81301a049b.exe
Resource
win10v2004-20240508-en
General
Target
8a3c53bf3d82326a58eb191b8036f00ea1892da34311195f7daa0b81301a049b.exe
Size
62KB
MD5
88aa0a87ee57c61d3f92524b7d43dfe2
SHA1
703c9d57d24e11a422c1af2005d838af625de655
SHA256
8a3c53bf3d82326a58eb191b8036f00ea1892da34311195f7daa0b81301a049b
SHA512
a284e4e8bfdfffbd8807b231e4d169383760ae01705b36c18e7134fa3cd26e9d9c465613b1c42a69e4866ef823b190bdbb7c63a9f5dcebb8dbad6cb944a1d814
SSDEEP
1536:btB9g/xtCSKfxLIc//Xr+/AO/kIZ3ft2nVuTKB6nggOlHdUHZnxF:btng54SMLr+/AO/kIhfoKMHdaz
Malware Config
Signatures
Executes dropped EXE 1 IoCs
pid   Process
2072  gewos.exe
Loads dropped DLL 1 IoCs
pid   Process
2940  8a3c53bf3d82326a58eb191b8036f00ea1892da34311195f7daa0b81301a049b.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Suspicious use of UnmapMainImage 2 IoCs
pid   Process
2940  8a3c53bf3d82326a58eb191b8036f00ea1892da34311195f7daa0b81301a049b.exe
2072  gewos.exe
Suspicious use of WriteProcessMemory 4 IoCs
description                       pid   Process                                                                procid_target
PID 2940 wrote to memory of 2072  2940  8a3c53bf3d82326a58eb191b8036f00ea1892da34311195f7daa0b81301a049b.exe  28
PID 2940 wrote to memory of 2072  2940  8a3c53bf3d82326a58eb191b8036f00ea1892da34311195f7daa0b81301a049b.exe  28
PID 2940 wrote to memory of 2072  2940  8a3c53bf3d82326a58eb191b8036f00ea1892da34311195f7daa0b81301a049b.exe  28
PID 2940 wrote to memory of 2072  2940  8a3c53bf3d82326a58eb191b8036f00ea1892da34311195f7daa0b81301a049b.exe  28
Processes
C:\Users\Admin\AppData\Local\Temp\8a3c53bf3d82326a58eb191b8036f00ea1892da34311195f7daa0b81301a049b.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8a3c53bf3d82326a58eb191b8036f00ea1892da34311195f7daa0b81301a049b.exe"
  PID: 2940
  - Loads dropped DLL
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  └ C:\Users\Admin\AppData\Local\Temp\gewos.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
      PID: 2072
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
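The WriteProcessMemory rows above show the submitted sample (PID 2940) writing four times into the memory of gewos.exe (PID 2072), a file it dropped into %TEMP% and then launched; both processes also trip UnmapMainImage. That parent-writes-into-freshly-dropped-child shape is what a detection should key on, independent of the payload, which the report does not record. The Python below is an added example, not sandbox output or code from this report: it replays the report's process tree and write events as constructed dictionaries (the field names `pid`, `ppid`, `image`, `dropped`, `source_pid`, `target_pid` are assumptions, not the sandbox's export format) and flags the pair.

```python
"""Flag a dropper writing into the memory of a child it spawned from a
user-writable directory, the pattern in this report's WriteProcessMemory
rows (PID 2940 -> PID 2072, four writes).

Added example. The event dictionaries and their field names are assumptions
modelled on the report's rows, not the sandbox's export format."""
from collections import Counter

SAMPLE_EXE = "8a3c53bf3d82326a58eb191b8036f00ea1892da34311195f7daa0b81301a049b.exe"
TEMP = r"C:\Users\Admin\AppData\Local\Temp"

# Constructed process table mirroring the report's process tree.
PROCESSES = [
    {"pid": 2940, "ppid": None, "image": TEMP + "\\" + SAMPLE_EXE, "dropped": False},
    {"pid": 2072, "ppid": 2940, "image": TEMP + "\\gewos.exe", "dropped": True},
]

# Constructed memory-write events: the report lists four identical rows.
MEMORY_WRITES = [{"source_pid": 2940, "target_pid": 2072} for _ in range(4)]

# Directories a standard user can write to; extend for your environment.
USER_WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\programdata\\")


def is_user_writable(path: str) -> bool:
    """True when the image lives under a directory a non-admin user can write to."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def find_parent_child_writes(processes, writes, min_writes=1):
    """Return one hit per (parent, child) pair where the parent wrote into a
    child it spawned and that child is a dropped file in a user-writable path.

    Writes into processes the source did not spawn are deliberately ignored
    here: that is a different (still suspicious) pattern worth its own rule."""
    by_pid = {p["pid"]: p for p in processes}
    counts = Counter((w["source_pid"], w["target_pid"]) for w in writes)
    hits = []
    for (src, dst), n in sorted(counts.items()):
        child = by_pid.get(dst)
        if child is None or child["ppid"] != src:
            continue
        if not child["dropped"] or not is_user_writable(child["image"]):
            continue
        if n < min_writes:
            continue
        hits.append({"parent_pid": src, "child_pid": dst,
                     "child_image": child["image"], "writes": n})
    return hits


if __name__ == "__main__":
    for hit in find_parent_child_writes(PROCESSES, MEMORY_WRITES):
        print(f"parent {hit['parent_pid']} wrote {hit['writes']}x into dropped child "
              f"{hit['child_pid']} ({hit['child_image']})")
```

The rule is deliberately narrow: it requires the write target to be the writer's own child, a dropped file, and resident in a user-writable path, so a legitimate debugger or an installer writing into a child it launched from Program Files does not match. Loosening any one condition (for example dropping the `ppid` check to catch writes into unrelated processes) is where you would start when tuning it against your own telemetry.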
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize
62KB
MD5
18069b46fa447c3e07ed33ff887a08b2
SHA1
0988e7fd7fa657091bfd0090ac9bfb303d37041e
SHA256
a0d75c0519336769baa64e6ceab9631f9485928584c6845731641efd52259cf4
SHA512
b78e0f1c685b0baf38d3b793579fb9369ad23872512cdda8a9fe8d34a492e51bd8e633a206a8c573d5904a8dce48faac38462f84e6271ab056328e47b1e34de4