c6424027170e9e3b23ac5f233476cfde312c49bcf85ac03f3d44ac92c048b196

Analysis

max time kernel
151s
max time network
188s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 20:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.72bdf5df44be5fab94dfedfd14e109c0.exe
Size

61KB
MD5

72bdf5df44be5fab94dfedfd14e109c0
SHA1

57f83f76d0e3163917d6e4bd1d2f9d49b01dc478
SHA256

c6424027170e9e3b23ac5f233476cfde312c49bcf85ac03f3d44ac92c048b196
SHA512

173160bc17e51b46e0fa04c55129729402aa49debb28fabc664b1b5117164fbde8d7a72e4b5142c529c2c64639f1ad6f6a81f1f3c9bdf04661d000f71039e0d8
SSDEEP

768:CeJIvFKPZo2smEasjcj29NWngAHxcw9ppEaxglaX5uA:CQIvEPZo6Ead29NQgA2wQle5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
1448	ewiuer2.exe
2504	ewiuer2.exe
3028	ewiuer2.exe
1752	ewiuer2.exe
2000	ewiuer2.exe

Loads dropped DLL 10 IoCs

pid	Process
2216	NEAS.72bdf5df44be5fab94dfedfd14e109c0.exe
2216	NEAS.72bdf5df44be5fab94dfedfd14e109c0.exe
1448	ewiuer2.exe
1448	ewiuer2.exe
2504	ewiuer2.exe
2504	ewiuer2.exe
3028	ewiuer2.exe
3028	ewiuer2.exe
1752	ewiuer2.exe
1752	ewiuer2.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 1448	2216	NEAS.72bdf5df44be5fab94dfedfd14e109c0.exe	28
PID 2216 wrote to memory of 1448	2216	NEAS.72bdf5df44be5fab94dfedfd14e109c0.exe	28
PID 2216 wrote to memory of 1448	2216	NEAS.72bdf5df44be5fab94dfedfd14e109c0.exe	28
PID 2216 wrote to memory of 1448	2216	NEAS.72bdf5df44be5fab94dfedfd14e109c0.exe	28
PID 1448 wrote to memory of 2504	1448	ewiuer2.exe	32
PID 1448 wrote to memory of 2504	1448	ewiuer2.exe	32
PID 1448 wrote to memory of 2504	1448	ewiuer2.exe	32
PID 1448 wrote to memory of 2504	1448	ewiuer2.exe	32
PID 2504 wrote to memory of 3028	2504	ewiuer2.exe	33
PID 2504 wrote to memory of 3028	2504	ewiuer2.exe	33
PID 2504 wrote to memory of 3028	2504	ewiuer2.exe	33
PID 2504 wrote to memory of 3028	2504	ewiuer2.exe	33
PID 3028 wrote to memory of 1752	3028	ewiuer2.exe	35
PID 3028 wrote to memory of 1752	3028	ewiuer2.exe	35
PID 3028 wrote to memory of 1752	3028	ewiuer2.exe	35
PID 3028 wrote to memory of 1752	3028	ewiuer2.exe	35
PID 1752 wrote to memory of 2000	1752	ewiuer2.exe	36
PID 1752 wrote to memory of 2000	1752	ewiuer2.exe	36
PID 1752 wrote to memory of 2000	1752	ewiuer2.exe	36
PID 1752 wrote to memory of 2000	1752	ewiuer2.exe	36

C:\Users\Admin\AppData\Local\Temp\NEAS.72bdf5df44be5fab94dfedfd14e109c0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.72bdf5df44be5fab94dfedfd14e109c0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1448
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2504
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:3028
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1752
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        
        PID:2000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\86HXQ3JD.txt

Filesize
225B

MD5
8b2e745f1ba3872b9c481daf4b4e1203

SHA1
06abedbe86510ac5691fc93ad6040c2d64ea4e72

SHA256
0050ef10ad20e35481a6916f8cc16db04c1d22a80768d3dc72e30ee5aeb0fc92

SHA512
ca1dca79ec17569070e29c40c60d979fa3b173590c4e750ed12a2373d487b5209664b508220f4676e6066a14cb417e80ab981a033e557ef0f3170872a03b4514

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
3ab18e8ebdce94de17fb8c448efc4fd6

SHA1
af6ca87f9b43d1305761d82b1406a28b4ff10445

SHA256
8353323339c2d58fe6e6dc6a125ae50987fa3d662cb4b1cb8c0c145094fc65c5

SHA512
a737c500380441fb8f17f762fa2e5fe10bb8f341db3f7e8a92d428f10a8a697129f370d558561588b036871280ccd30aebaf3a880be5088c1c192c56a27fada4

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
3ab18e8ebdce94de17fb8c448efc4fd6

SHA1
af6ca87f9b43d1305761d82b1406a28b4ff10445

SHA256
8353323339c2d58fe6e6dc6a125ae50987fa3d662cb4b1cb8c0c145094fc65c5

SHA512
a737c500380441fb8f17f762fa2e5fe10bb8f341db3f7e8a92d428f10a8a697129f370d558561588b036871280ccd30aebaf3a880be5088c1c192c56a27fada4

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
3ab18e8ebdce94de17fb8c448efc4fd6

SHA1
af6ca87f9b43d1305761d82b1406a28b4ff10445

SHA256
8353323339c2d58fe6e6dc6a125ae50987fa3d662cb4b1cb8c0c145094fc65c5

SHA512
a737c500380441fb8f17f762fa2e5fe10bb8f341db3f7e8a92d428f10a8a697129f370d558561588b036871280ccd30aebaf3a880be5088c1c192c56a27fada4

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
e2cd1bf00039b4c0aba7ee22aab0b3fc

SHA1
8dfaabd7658f76b8d518e1ff0429dcb941e24ac1

SHA256
ac9410baaa36235d7e6b33929dcf7b03c26a9e01b6706837d76e166d50ed203d

SHA512
1312639ea52877971b974b3449d5a90ead1810f4ee5e26d7312ed83ffc22d403f05ceb5196eec437dfdb945888dbbd88b0ca6346b5753dcfa4290b8c2218b69e

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
e2cd1bf00039b4c0aba7ee22aab0b3fc

SHA1
8dfaabd7658f76b8d518e1ff0429dcb941e24ac1

SHA256
ac9410baaa36235d7e6b33929dcf7b03c26a9e01b6706837d76e166d50ed203d

SHA512
1312639ea52877971b974b3449d5a90ead1810f4ee5e26d7312ed83ffc22d403f05ceb5196eec437dfdb945888dbbd88b0ca6346b5753dcfa4290b8c2218b69e

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
e2cd1bf00039b4c0aba7ee22aab0b3fc

SHA1
8dfaabd7658f76b8d518e1ff0429dcb941e24ac1

SHA256
ac9410baaa36235d7e6b33929dcf7b03c26a9e01b6706837d76e166d50ed203d

SHA512
1312639ea52877971b974b3449d5a90ead1810f4ee5e26d7312ed83ffc22d403f05ceb5196eec437dfdb945888dbbd88b0ca6346b5753dcfa4290b8c2218b69e

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
e88fe01a1472f65b25e97092828fc50b

SHA1
096632cd8c381fc2ab44e47712f5c10e13bacc67

SHA256
528d48fb52c0f9610ca66126da528f267029d1b459dbe0be04b0d383c45de117

SHA512
72fd8f79d30d27239c94b2efc9e032e4f1b78a7c8b7a16008366537f86701cf7ea9c62014e6d36ff4158c5202c063263a52f6a02edc46e4cfa99a4a3200c5c90

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
e88fe01a1472f65b25e97092828fc50b

SHA1
096632cd8c381fc2ab44e47712f5c10e13bacc67

SHA256
528d48fb52c0f9610ca66126da528f267029d1b459dbe0be04b0d383c45de117

SHA512
72fd8f79d30d27239c94b2efc9e032e4f1b78a7c8b7a16008366537f86701cf7ea9c62014e6d36ff4158c5202c063263a52f6a02edc46e4cfa99a4a3200c5c90

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
e88fe01a1472f65b25e97092828fc50b

SHA1
096632cd8c381fc2ab44e47712f5c10e13bacc67

SHA256
528d48fb52c0f9610ca66126da528f267029d1b459dbe0be04b0d383c45de117

SHA512
72fd8f79d30d27239c94b2efc9e032e4f1b78a7c8b7a16008366537f86701cf7ea9c62014e6d36ff4158c5202c063263a52f6a02edc46e4cfa99a4a3200c5c90

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
69d89b37c552e233412dae7538cdb2c8

SHA1
4627c8044eed880b33ac2afb5c26eb68383a6365

SHA256
93f9bfb6ceee195acd53ec0bf219c1d9780383790f92f5d88bf979413d68029f

SHA512
d3dd9f7796511daab1fd63d1a4fa90c75164d7a634e61b9cd2626eac1ea9edadc5dc9aa25ab64a4e79f40f4cd9b2d7e0eea528ac51546a487bdea63ed2158a47

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
69d89b37c552e233412dae7538cdb2c8

SHA1
4627c8044eed880b33ac2afb5c26eb68383a6365

SHA256
93f9bfb6ceee195acd53ec0bf219c1d9780383790f92f5d88bf979413d68029f

SHA512
d3dd9f7796511daab1fd63d1a4fa90c75164d7a634e61b9cd2626eac1ea9edadc5dc9aa25ab64a4e79f40f4cd9b2d7e0eea528ac51546a487bdea63ed2158a47

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
69d89b37c552e233412dae7538cdb2c8

SHA1
4627c8044eed880b33ac2afb5c26eb68383a6365

SHA256
93f9bfb6ceee195acd53ec0bf219c1d9780383790f92f5d88bf979413d68029f

SHA512
d3dd9f7796511daab1fd63d1a4fa90c75164d7a634e61b9cd2626eac1ea9edadc5dc9aa25ab64a4e79f40f4cd9b2d7e0eea528ac51546a487bdea63ed2158a47

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
0f12c5e59ca0e15ed0750fc43e408a39

SHA1
c986abafeaab6ac205757543465e792de03550b8

SHA256
feb20ddf379da04b39cbc230e97dc54bb34011041457827b87eea08420d52128

SHA512
de0552072502601c8f25dc4097efa855102d4983b36448dc714b1750bad2801dde37310747b71c7eb39d2f79eb7af81a1acd1212ff491dc996311b887895c4a1

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
0f12c5e59ca0e15ed0750fc43e408a39

SHA1
c986abafeaab6ac205757543465e792de03550b8

SHA256
feb20ddf379da04b39cbc230e97dc54bb34011041457827b87eea08420d52128

SHA512
de0552072502601c8f25dc4097efa855102d4983b36448dc714b1750bad2801dde37310747b71c7eb39d2f79eb7af81a1acd1212ff491dc996311b887895c4a1

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
0f12c5e59ca0e15ed0750fc43e408a39

SHA1
c986abafeaab6ac205757543465e792de03550b8

SHA256
feb20ddf379da04b39cbc230e97dc54bb34011041457827b87eea08420d52128

SHA512
de0552072502601c8f25dc4097efa855102d4983b36448dc714b1750bad2801dde37310747b71c7eb39d2f79eb7af81a1acd1212ff491dc996311b887895c4a1

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
e88fe01a1472f65b25e97092828fc50b

SHA1
096632cd8c381fc2ab44e47712f5c10e13bacc67

SHA256
528d48fb52c0f9610ca66126da528f267029d1b459dbe0be04b0d383c45de117

SHA512
72fd8f79d30d27239c94b2efc9e032e4f1b78a7c8b7a16008366537f86701cf7ea9c62014e6d36ff4158c5202c063263a52f6a02edc46e4cfa99a4a3200c5c90

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
3ab18e8ebdce94de17fb8c448efc4fd6

SHA1
af6ca87f9b43d1305761d82b1406a28b4ff10445

SHA256
8353323339c2d58fe6e6dc6a125ae50987fa3d662cb4b1cb8c0c145094fc65c5

SHA512
a737c500380441fb8f17f762fa2e5fe10bb8f341db3f7e8a92d428f10a8a697129f370d558561588b036871280ccd30aebaf3a880be5088c1c192c56a27fada4

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
3ab18e8ebdce94de17fb8c448efc4fd6

SHA1
af6ca87f9b43d1305761d82b1406a28b4ff10445

SHA256
8353323339c2d58fe6e6dc6a125ae50987fa3d662cb4b1cb8c0c145094fc65c5

SHA512
a737c500380441fb8f17f762fa2e5fe10bb8f341db3f7e8a92d428f10a8a697129f370d558561588b036871280ccd30aebaf3a880be5088c1c192c56a27fada4

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
e88fe01a1472f65b25e97092828fc50b

SHA1
096632cd8c381fc2ab44e47712f5c10e13bacc67

SHA256
528d48fb52c0f9610ca66126da528f267029d1b459dbe0be04b0d383c45de117

SHA512
72fd8f79d30d27239c94b2efc9e032e4f1b78a7c8b7a16008366537f86701cf7ea9c62014e6d36ff4158c5202c063263a52f6a02edc46e4cfa99a4a3200c5c90

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
e2cd1bf00039b4c0aba7ee22aab0b3fc

SHA1
8dfaabd7658f76b8d518e1ff0429dcb941e24ac1

SHA256
ac9410baaa36235d7e6b33929dcf7b03c26a9e01b6706837d76e166d50ed203d

SHA512
1312639ea52877971b974b3449d5a90ead1810f4ee5e26d7312ed83ffc22d403f05ceb5196eec437dfdb945888dbbd88b0ca6346b5753dcfa4290b8c2218b69e

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
e2cd1bf00039b4c0aba7ee22aab0b3fc

SHA1
8dfaabd7658f76b8d518e1ff0429dcb941e24ac1

SHA256
ac9410baaa36235d7e6b33929dcf7b03c26a9e01b6706837d76e166d50ed203d

SHA512
1312639ea52877971b974b3449d5a90ead1810f4ee5e26d7312ed83ffc22d403f05ceb5196eec437dfdb945888dbbd88b0ca6346b5753dcfa4290b8c2218b69e

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
69d89b37c552e233412dae7538cdb2c8

SHA1
4627c8044eed880b33ac2afb5c26eb68383a6365

SHA256
93f9bfb6ceee195acd53ec0bf219c1d9780383790f92f5d88bf979413d68029f

SHA512
d3dd9f7796511daab1fd63d1a4fa90c75164d7a634e61b9cd2626eac1ea9edadc5dc9aa25ab64a4e79f40f4cd9b2d7e0eea528ac51546a487bdea63ed2158a47

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
69d89b37c552e233412dae7538cdb2c8

SHA1
4627c8044eed880b33ac2afb5c26eb68383a6365

SHA256
93f9bfb6ceee195acd53ec0bf219c1d9780383790f92f5d88bf979413d68029f

SHA512
d3dd9f7796511daab1fd63d1a4fa90c75164d7a634e61b9cd2626eac1ea9edadc5dc9aa25ab64a4e79f40f4cd9b2d7e0eea528ac51546a487bdea63ed2158a47

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
0f12c5e59ca0e15ed0750fc43e408a39

SHA1
c986abafeaab6ac205757543465e792de03550b8

SHA256
feb20ddf379da04b39cbc230e97dc54bb34011041457827b87eea08420d52128

SHA512
de0552072502601c8f25dc4097efa855102d4983b36448dc714b1750bad2801dde37310747b71c7eb39d2f79eb7af81a1acd1212ff491dc996311b887895c4a1

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
0f12c5e59ca0e15ed0750fc43e408a39

SHA1
c986abafeaab6ac205757543465e792de03550b8

SHA256
feb20ddf379da04b39cbc230e97dc54bb34011041457827b87eea08420d52128

SHA512
de0552072502601c8f25dc4097efa855102d4983b36448dc714b1750bad2801dde37310747b71c7eb39d2f79eb7af81a1acd1212ff491dc996311b887895c4a1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads