c25001296e026890695d98d012ba577b7efeafc4fff71e6c4a170d4c3d2e19dd

Analysis

max time kernel
195s
max time network
219s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.2f02345126c1e42303f1a25a8cfd3190.exe
Size

61KB
MD5

2f02345126c1e42303f1a25a8cfd3190
SHA1

9bbf108ebdbe124122b249d0014abca726866349
SHA256

c25001296e026890695d98d012ba577b7efeafc4fff71e6c4a170d4c3d2e19dd
SHA512

39ca1cff8100a00d48abe909e06915d855e8a12fdb4a94a5b31a46f0352b35624b0bd565bd14fb7e9867c30b7722030e723552c2fa31a24fcb1bc6fe93901107
SSDEEP

1536:1ttdse4OcUmWQIvEPZo6E5sEFd29NQgA2wMQle5:ddse4OlQZo6EKEFdGM2DQle5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
2648	ewiuer2.exe
2504	ewiuer2.exe
2736	ewiuer2.exe
1708	ewiuer2.exe
1544	ewiuer2.exe

Loads dropped DLL 10 IoCs

pid	Process
2744	NEAS.2f02345126c1e42303f1a25a8cfd3190.exe
2744	NEAS.2f02345126c1e42303f1a25a8cfd3190.exe
2648	ewiuer2.exe
2648	ewiuer2.exe
2504	ewiuer2.exe
2504	ewiuer2.exe
2736	ewiuer2.exe
2736	ewiuer2.exe
1708	ewiuer2.exe
1708	ewiuer2.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 2648	2744	NEAS.2f02345126c1e42303f1a25a8cfd3190.exe	29
PID 2744 wrote to memory of 2648	2744	NEAS.2f02345126c1e42303f1a25a8cfd3190.exe	29
PID 2744 wrote to memory of 2648	2744	NEAS.2f02345126c1e42303f1a25a8cfd3190.exe	29
PID 2744 wrote to memory of 2648	2744	NEAS.2f02345126c1e42303f1a25a8cfd3190.exe	29
PID 2648 wrote to memory of 2504	2648	ewiuer2.exe	32
PID 2648 wrote to memory of 2504	2648	ewiuer2.exe	32
PID 2648 wrote to memory of 2504	2648	ewiuer2.exe	32
PID 2648 wrote to memory of 2504	2648	ewiuer2.exe	32
PID 2504 wrote to memory of 2736	2504	ewiuer2.exe	33
PID 2504 wrote to memory of 2736	2504	ewiuer2.exe	33
PID 2504 wrote to memory of 2736	2504	ewiuer2.exe	33
PID 2504 wrote to memory of 2736	2504	ewiuer2.exe	33
PID 2736 wrote to memory of 1708	2736	ewiuer2.exe	35
PID 2736 wrote to memory of 1708	2736	ewiuer2.exe	35
PID 2736 wrote to memory of 1708	2736	ewiuer2.exe	35
PID 2736 wrote to memory of 1708	2736	ewiuer2.exe	35
PID 1708 wrote to memory of 1544	1708	ewiuer2.exe	36
PID 1708 wrote to memory of 1544	1708	ewiuer2.exe	36
PID 1708 wrote to memory of 1544	1708	ewiuer2.exe	36
PID 1708 wrote to memory of 1544	1708	ewiuer2.exe	36

C:\Users\Admin\AppData\Local\Temp\NEAS.2f02345126c1e42303f1a25a8cfd3190.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2f02345126c1e42303f1a25a8cfd3190.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2648
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2504
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2736
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1708
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        
        PID:1544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NV5K0542.txt

Filesize
225B

MD5
598d8f7c22749a62054453d0ce1d4cdc

SHA1
016bf7ad7b976f42e5ede7fefa40255894ab64f6

SHA256
d0ef6bcb66dc0122e683f16af23d337ff1c7f8af0f79609b8164313151ccc869

SHA512
09daeddc6598b9185a6c785ea741dd796de9abf45a657060cc8f14bfc69e671960132180ccdd21daf9bde30949befa0973aee40ba981d5cf31b57242b1024156

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
3b8681a8851566a7c8c59aad6a7e3db9

SHA1
7f6b7262e02299a651ff032cdbda2d22455ce1aa

SHA256
b25fedd34ab90cdb6479e1bfffd0a4dc80a2b02ba2db259f2585b2f0a3a861fc

SHA512
60091f5f9fef7e925fc938f4365083e4ada2f903773d798353aa362a8023470f166b1acb2e81c352d18107097969f81de8fd6b444fd027a7ddf5a2b967838b52

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
3b8681a8851566a7c8c59aad6a7e3db9

SHA1
7f6b7262e02299a651ff032cdbda2d22455ce1aa

SHA256
b25fedd34ab90cdb6479e1bfffd0a4dc80a2b02ba2db259f2585b2f0a3a861fc

SHA512
60091f5f9fef7e925fc938f4365083e4ada2f903773d798353aa362a8023470f166b1acb2e81c352d18107097969f81de8fd6b444fd027a7ddf5a2b967838b52

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
3b8681a8851566a7c8c59aad6a7e3db9

SHA1
7f6b7262e02299a651ff032cdbda2d22455ce1aa

SHA256
b25fedd34ab90cdb6479e1bfffd0a4dc80a2b02ba2db259f2585b2f0a3a861fc

SHA512
60091f5f9fef7e925fc938f4365083e4ada2f903773d798353aa362a8023470f166b1acb2e81c352d18107097969f81de8fd6b444fd027a7ddf5a2b967838b52

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
c72a850b320fe421612a64294818ab1e

SHA1
d4ab04a7ae3d61aada69d923c9e3696af053ec88

SHA256
5be36e2837fb9b6cd85b3ddf29082782d8ca445c23450b2cef042be53254cc68

SHA512
7a97ec62d3e89284064ffb3a776cff7d8dbad1e8d254507f18e1fcc6e020c037d9889b4bdcbe1c453968a0bc6525efb999d0eaa1f6f201f7da520e2578bb36fe

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
c72a850b320fe421612a64294818ab1e

SHA1
d4ab04a7ae3d61aada69d923c9e3696af053ec88

SHA256
5be36e2837fb9b6cd85b3ddf29082782d8ca445c23450b2cef042be53254cc68

SHA512
7a97ec62d3e89284064ffb3a776cff7d8dbad1e8d254507f18e1fcc6e020c037d9889b4bdcbe1c453968a0bc6525efb999d0eaa1f6f201f7da520e2578bb36fe

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
c72a850b320fe421612a64294818ab1e

SHA1
d4ab04a7ae3d61aada69d923c9e3696af053ec88

SHA256
5be36e2837fb9b6cd85b3ddf29082782d8ca445c23450b2cef042be53254cc68

SHA512
7a97ec62d3e89284064ffb3a776cff7d8dbad1e8d254507f18e1fcc6e020c037d9889b4bdcbe1c453968a0bc6525efb999d0eaa1f6f201f7da520e2578bb36fe

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
67d4c037322cbef0d2ddae74f3fdee06

SHA1
3d7e8e35ba2287e64e0d852c3f4c1ed43e9401b4

SHA256
35cdf417401c0ece835626bf8c3fb7cc3f9950e75624a337f9859b09f2fe5b3f

SHA512
6f8c9a7c0fa514447f5e50890947be837b46a8515830b772e04fe659456290033623fccce67a7f1df14540b61012732884581ffbd557389dbf558d93585044b7

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
67d4c037322cbef0d2ddae74f3fdee06

SHA1
3d7e8e35ba2287e64e0d852c3f4c1ed43e9401b4

SHA256
35cdf417401c0ece835626bf8c3fb7cc3f9950e75624a337f9859b09f2fe5b3f

SHA512
6f8c9a7c0fa514447f5e50890947be837b46a8515830b772e04fe659456290033623fccce67a7f1df14540b61012732884581ffbd557389dbf558d93585044b7

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
67d4c037322cbef0d2ddae74f3fdee06

SHA1
3d7e8e35ba2287e64e0d852c3f4c1ed43e9401b4

SHA256
35cdf417401c0ece835626bf8c3fb7cc3f9950e75624a337f9859b09f2fe5b3f

SHA512
6f8c9a7c0fa514447f5e50890947be837b46a8515830b772e04fe659456290033623fccce67a7f1df14540b61012732884581ffbd557389dbf558d93585044b7

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
69d8aa6e47c169c94c5e1a8904849ae7

SHA1
0ee005fa4d1ef0a69bb8194c1b6a2b8b58108bb2

SHA256
16070c7b22710e5145dca72e2cf3ebd3ddcfc70a05d7d3cf10f350a7909b2de3

SHA512
94b4bd903fe424a1657674a042c3582707d18e9b13b27a7e233c97e497de5cc5763ac3dbe85ea3f8f3fd338dcf8fa71f32a8702dd133567b3cc40930c8a0a9c2

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
69d8aa6e47c169c94c5e1a8904849ae7

SHA1
0ee005fa4d1ef0a69bb8194c1b6a2b8b58108bb2

SHA256
16070c7b22710e5145dca72e2cf3ebd3ddcfc70a05d7d3cf10f350a7909b2de3

SHA512
94b4bd903fe424a1657674a042c3582707d18e9b13b27a7e233c97e497de5cc5763ac3dbe85ea3f8f3fd338dcf8fa71f32a8702dd133567b3cc40930c8a0a9c2

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
69d8aa6e47c169c94c5e1a8904849ae7

SHA1
0ee005fa4d1ef0a69bb8194c1b6a2b8b58108bb2

SHA256
16070c7b22710e5145dca72e2cf3ebd3ddcfc70a05d7d3cf10f350a7909b2de3

SHA512
94b4bd903fe424a1657674a042c3582707d18e9b13b27a7e233c97e497de5cc5763ac3dbe85ea3f8f3fd338dcf8fa71f32a8702dd133567b3cc40930c8a0a9c2

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
eec69868b01344d4136b28bd7a72e349

SHA1
fa2ed73db1846362456438a622537cf512f98e89

SHA256
4b4656cd62416a4d42340d713ade14d66648af4e7a2b14de54880763e1448c65

SHA512
25fbea136ae2e9dc07d06817cb62086c031adac39cf28545562073a16579123f77ddd2a165300c9b0673c14362f2209e8d04564e54558940a0631f22ccc7fdbc

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
eec69868b01344d4136b28bd7a72e349

SHA1
fa2ed73db1846362456438a622537cf512f98e89

SHA256
4b4656cd62416a4d42340d713ade14d66648af4e7a2b14de54880763e1448c65

SHA512
25fbea136ae2e9dc07d06817cb62086c031adac39cf28545562073a16579123f77ddd2a165300c9b0673c14362f2209e8d04564e54558940a0631f22ccc7fdbc

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
eec69868b01344d4136b28bd7a72e349

SHA1
fa2ed73db1846362456438a622537cf512f98e89

SHA256
4b4656cd62416a4d42340d713ade14d66648af4e7a2b14de54880763e1448c65

SHA512
25fbea136ae2e9dc07d06817cb62086c031adac39cf28545562073a16579123f77ddd2a165300c9b0673c14362f2209e8d04564e54558940a0631f22ccc7fdbc

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
67d4c037322cbef0d2ddae74f3fdee06

SHA1
3d7e8e35ba2287e64e0d852c3f4c1ed43e9401b4

SHA256
35cdf417401c0ece835626bf8c3fb7cc3f9950e75624a337f9859b09f2fe5b3f

SHA512
6f8c9a7c0fa514447f5e50890947be837b46a8515830b772e04fe659456290033623fccce67a7f1df14540b61012732884581ffbd557389dbf558d93585044b7

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
3b8681a8851566a7c8c59aad6a7e3db9

SHA1
7f6b7262e02299a651ff032cdbda2d22455ce1aa

SHA256
b25fedd34ab90cdb6479e1bfffd0a4dc80a2b02ba2db259f2585b2f0a3a861fc

SHA512
60091f5f9fef7e925fc938f4365083e4ada2f903773d798353aa362a8023470f166b1acb2e81c352d18107097969f81de8fd6b444fd027a7ddf5a2b967838b52

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
3b8681a8851566a7c8c59aad6a7e3db9

SHA1
7f6b7262e02299a651ff032cdbda2d22455ce1aa

SHA256
b25fedd34ab90cdb6479e1bfffd0a4dc80a2b02ba2db259f2585b2f0a3a861fc

SHA512
60091f5f9fef7e925fc938f4365083e4ada2f903773d798353aa362a8023470f166b1acb2e81c352d18107097969f81de8fd6b444fd027a7ddf5a2b967838b52

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
67d4c037322cbef0d2ddae74f3fdee06

SHA1
3d7e8e35ba2287e64e0d852c3f4c1ed43e9401b4

SHA256
35cdf417401c0ece835626bf8c3fb7cc3f9950e75624a337f9859b09f2fe5b3f

SHA512
6f8c9a7c0fa514447f5e50890947be837b46a8515830b772e04fe659456290033623fccce67a7f1df14540b61012732884581ffbd557389dbf558d93585044b7

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
c72a850b320fe421612a64294818ab1e

SHA1
d4ab04a7ae3d61aada69d923c9e3696af053ec88

SHA256
5be36e2837fb9b6cd85b3ddf29082782d8ca445c23450b2cef042be53254cc68

SHA512
7a97ec62d3e89284064ffb3a776cff7d8dbad1e8d254507f18e1fcc6e020c037d9889b4bdcbe1c453968a0bc6525efb999d0eaa1f6f201f7da520e2578bb36fe

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
c72a850b320fe421612a64294818ab1e

SHA1
d4ab04a7ae3d61aada69d923c9e3696af053ec88

SHA256
5be36e2837fb9b6cd85b3ddf29082782d8ca445c23450b2cef042be53254cc68

SHA512
7a97ec62d3e89284064ffb3a776cff7d8dbad1e8d254507f18e1fcc6e020c037d9889b4bdcbe1c453968a0bc6525efb999d0eaa1f6f201f7da520e2578bb36fe

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
69d8aa6e47c169c94c5e1a8904849ae7

SHA1
0ee005fa4d1ef0a69bb8194c1b6a2b8b58108bb2

SHA256
16070c7b22710e5145dca72e2cf3ebd3ddcfc70a05d7d3cf10f350a7909b2de3

SHA512
94b4bd903fe424a1657674a042c3582707d18e9b13b27a7e233c97e497de5cc5763ac3dbe85ea3f8f3fd338dcf8fa71f32a8702dd133567b3cc40930c8a0a9c2

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
69d8aa6e47c169c94c5e1a8904849ae7

SHA1
0ee005fa4d1ef0a69bb8194c1b6a2b8b58108bb2

SHA256
16070c7b22710e5145dca72e2cf3ebd3ddcfc70a05d7d3cf10f350a7909b2de3

SHA512
94b4bd903fe424a1657674a042c3582707d18e9b13b27a7e233c97e497de5cc5763ac3dbe85ea3f8f3fd338dcf8fa71f32a8702dd133567b3cc40930c8a0a9c2

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
eec69868b01344d4136b28bd7a72e349

SHA1
fa2ed73db1846362456438a622537cf512f98e89

SHA256
4b4656cd62416a4d42340d713ade14d66648af4e7a2b14de54880763e1448c65

SHA512
25fbea136ae2e9dc07d06817cb62086c031adac39cf28545562073a16579123f77ddd2a165300c9b0673c14362f2209e8d04564e54558940a0631f22ccc7fdbc

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
eec69868b01344d4136b28bd7a72e349

SHA1
fa2ed73db1846362456438a622537cf512f98e89

SHA256
4b4656cd62416a4d42340d713ade14d66648af4e7a2b14de54880763e1448c65

SHA512
25fbea136ae2e9dc07d06817cb62086c031adac39cf28545562073a16579123f77ddd2a165300c9b0673c14362f2209e8d04564e54558940a0631f22ccc7fdbc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads