25ef9d050edc891f47d02c4328d23ae6c1897b940ee94b68db9c27db45fea9e5

Analysis

max time kernel
31s
max time network
32s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 01:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23b6dc60124647a18522a24642bd7210N.exe
Size

63KB
MD5

23b6dc60124647a18522a24642bd7210
SHA1

0451c84ac73855c60fd021d16cda6ca21522e775
SHA256

25ef9d050edc891f47d02c4328d23ae6c1897b940ee94b68db9c27db45fea9e5
SHA512

63f27ccf671661215dcb01d4908a8879be71c1f0864baf7d81bf95db28d5128f6b8970dcf9deeec001eeb686f39d165372e553ddd226688a160e8c567673cd7e
SSDEEP

1536:btB9g/xtCSKfxLIc//Xr+/AO/kIZ3ft2nVuTKB6nggOlHdUHZnxl:btng54SMLr+/AO/kIhfoKMHdaz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2904	gewos.exe

Loads dropped DLL 1 IoCs

pid	Process
2696	23b6dc60124647a18522a24642bd7210N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2696	23b6dc60124647a18522a24642bd7210N.exe
2904	gewos.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 2904	2696	23b6dc60124647a18522a24642bd7210N.exe	30
PID 2696 wrote to memory of 2904	2696	23b6dc60124647a18522a24642bd7210N.exe	30
PID 2696 wrote to memory of 2904	2696	23b6dc60124647a18522a24642bd7210N.exe	30
PID 2696 wrote to memory of 2904	2696	23b6dc60124647a18522a24642bd7210N.exe	30

C:\Users\Admin\AppData\Local\Temp\23b6dc60124647a18522a24642bd7210N.exe
"C:\Users\Admin\AppData\Local\Temp\23b6dc60124647a18522a24642bd7210N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Users\Admin\AppData\Local\Temp\gewos.exe
  "C:\Users\Admin\AppData\Local\Temp\gewos.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gewos.exe

Filesize
63KB

MD5
67faf14cef73ecf8549eb386003fd388

SHA1
d3998bd06c9684890e409da04047563973b318bf

SHA256
2318efc029efb81cd5e578bf5c770d607050fdbe50881524347f52c027019c93

SHA512
a741c8590a2f76f946aba0312b767cf5dff9632ebb7032f20843a18f921c5a9ddb529c036d302f84e1c63f7107b790e4d3db496a6744306da0125bef27c597fc

Download Submit
memory/2696-0-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/2696-1-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2696-8-0x0000000000490000-0x0000000000496000-memory.dmp

Filesize
24KB

Download
memory/2904-23-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download