Resubmissions

11/06/2024, 18:56

240611-xla3aaxfjn 7

Analysis

  • max time kernel
    2s
  • max time network
    1s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/06/2024, 18:56

General

  • Target

    Cwelium.exe

  • Size

    12.8MB

  • MD5

    5918cc2107cc478b5408710634ef3243

  • SHA1

    2b6f80659d4bc4c51eaf2c3e06e4075bfe99c65d

  • SHA256

    fd64f2f11b6cbac2393c0ee9821c1d713095ec0fea2e24653c6fc6d31a10dfa5

  • SHA512

    847a7bf728cb94952e4366f302f00ed9ae737c27866df2811f36ac198fcccf215c8dbe6bab9d3f65181d78f3236c4b8d758b82b5949feafbef2e4735b4c27332

  • SSDEEP

    196608:j//tuqd3AOtWzhC4uAqAvcEQi2dP1NKu3k79BNgrrpq+sfv4ljxqdiK4IZLFpQ+t:j/t7Q6eZX2ddNT9pzq4ljxqciWtqmU7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Cwelium.exe
    "C:\Users\Admin\AppData\Local\Temp\Cwelium.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Users\Admin\AppData\Local\Temp\onefile_2116_133626057803732000\Cwelium.exe
      "C:\Users\Admin\AppData\Local\Temp\Cwelium.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2708

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\onefile_2116_133626057803732000\python311.dll

    Filesize

    5.5MB

    MD5

    5a5dd7cad8028097842b0afef45bfbcf

    SHA1

    e247a2e460687c607253949c52ae2801ff35dc4a

    SHA256

    a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

    SHA512

    e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

  • \Users\Admin\AppData\Local\Temp\onefile_2116_133626057803732000\Cwelium.exe

    Filesize

    15.0MB

    MD5

    319c4b240cd7eeb7e39d9dc8d382baf8

    SHA1

    7cb9adaf31e06d9f55dc51160a2a8ad6878f01cc

    SHA256

    22d34a6dfcc54a2ff69560a2448d1a4150a36c34b83bc954a722754b9e587dac

    SHA512

    cbe525b3451338ea445224a975c718d9bf80a0341ff0d0d87c94b8b7459b8557d4d3661813197ee61a2cca1da9f2b504a0dbcf6224852aab72bf331b7083d5d3

  • memory/2116-53-0x000000013F9D0000-0x00000001406B3000-memory.dmp

    Filesize

    12.9MB

  • memory/2708-29-0x000000013FC20000-0x0000000140B56000-memory.dmp

    Filesize

    15.2MB