77521e5cd2ee27a5bf92da529ec68cafc92cb18bc121acb8ae9056f32fcc93b6

Analysis

max time kernel
0s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25/07/2024, 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Cwelium.exe
Size

12.8MB
MD5

115f9b45652050c331772c23c3d9052b
SHA1

02344573f43aa8c86c071a70a9d2f0f192f1d285
SHA256

77521e5cd2ee27a5bf92da529ec68cafc92cb18bc121acb8ae9056f32fcc93b6
SHA512

e3a08e03a6b5c9e26ad4255a528a0e780aa19972b07e4c8362c425483eeab442b18c76a07d837c8081a3adcbe6f52bcbf5ae5fb01e18314108357cf17cad738f
SSDEEP

393216:L0ZYk5yBDB3PYooP6j7ft6kMCLpb7nmbn7WEIgV8:LnpBDB3JoP6MYJ6bnAA

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2788	Cwelium.exe

Loads dropped DLL 2 IoCs

pid	Process
2648	Cwelium.exe
2788	Cwelium.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2788	2648	Cwelium.exe	31
PID 2648 wrote to memory of 2788	2648	Cwelium.exe	31
PID 2648 wrote to memory of 2788	2648	Cwelium.exe	31

C:\Users\Admin\AppData\Local\Temp\Cwelium.exe
"C:\Users\Admin\AppData\Local\Temp\Cwelium.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Users\Admin\AppData\Local\Temp\onefile_2648_133663876474158000\Cwelium.exe
  "C:\Users\Admin\AppData\Local\Temp\Cwelium.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2648_133663876474158000\Cwelium.exe

Filesize
15.0MB

MD5
765f529f47e6bcefc2165d5f26704845

SHA1
51d6c8d4061572f79b78af44bab1a5468442c6f5

SHA256
d4657cb84910fc0b479dab7b098722b3dffb26d64dfd72a9a3de5b833e752d1f

SHA512
6d0a6f4dac6dab171122004c477bd6d11e0eff5b0c9beb7643724322362d498fc4b52b9f08ba35b0c08ac272ac214de4e4f9f71e6df275f1e0240b2d8671f288

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2648_133663876474158000\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2648_133663876474158000\Cwelium.exe

Filesize
14.5MB

MD5
be373e7c7e020743fcf9c048d1b96575

SHA1
91235dbdec6017e68699363a4945765c56ba17a2

SHA256
b5084a6f7e477da905d8497411c11b17dc825140f5ed0a2a4e85a5120a2681aa

SHA512
5b4fdcfd7fa85f85ad289e8e6f75a235ab004d96ae3f408ee70bf9571c61ed0b4b102ce66f4b0a3c694622f84e1e88f9a641d19fba79de737e77381014bb3534

Download Submit
memory/2648-30-0x000000013F6B0000-0x0000000140393000-memory.dmp

Filesize
12.9MB

Download
memory/2648-54-0x000000013F6B0000-0x0000000140393000-memory.dmp

Filesize
12.9MB

Download
memory/2788-29-0x000000013FF30000-0x0000000140E67000-memory.dmp

Filesize
15.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads