c25001296e026890695d98d012ba577b7efeafc4fff71e6c4a170d4c3d2e19dd

Analysis

max time kernel
146s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.2f02345126c1e42303f1a25a8cfd3190.exe
Size

61KB
MD5

2f02345126c1e42303f1a25a8cfd3190
SHA1

9bbf108ebdbe124122b249d0014abca726866349
SHA256

c25001296e026890695d98d012ba577b7efeafc4fff71e6c4a170d4c3d2e19dd
SHA512

39ca1cff8100a00d48abe909e06915d855e8a12fdb4a94a5b31a46f0352b35624b0bd565bd14fb7e9867c30b7722030e723552c2fa31a24fcb1bc6fe93901107
SSDEEP

1536:1ttdse4OcUmWQIvEPZo6E5sEFd29NQgA2wMQle5:ddse4OlQZo6EKEFdGM2DQle5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
4248	ewiuer2.exe
400	ewiuer2.exe
2544	ewiuer2.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 4248	4960	NEAS.2f02345126c1e42303f1a25a8cfd3190.exe	86
PID 4960 wrote to memory of 4248	4960	NEAS.2f02345126c1e42303f1a25a8cfd3190.exe	86
PID 4960 wrote to memory of 4248	4960	NEAS.2f02345126c1e42303f1a25a8cfd3190.exe	86
PID 4248 wrote to memory of 400	4248	ewiuer2.exe	99
PID 4248 wrote to memory of 400	4248	ewiuer2.exe	99
PID 4248 wrote to memory of 400	4248	ewiuer2.exe	99
PID 400 wrote to memory of 2544	400	ewiuer2.exe	100
PID 400 wrote to memory of 2544	400	ewiuer2.exe	100
PID 400 wrote to memory of 2544	400	ewiuer2.exe	100

C:\Users\Admin\AppData\Local\Temp\NEAS.2f02345126c1e42303f1a25a8cfd3190.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2f02345126c1e42303f1a25a8cfd3190.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4248
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:400
  - - C:\Windows\SysWOW64\ewiuer2.exe
      C:\Windows\SysWOW64\ewiuer2.exe /nomove
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      PID:2544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
67d4c037322cbef0d2ddae74f3fdee06

SHA1
3d7e8e35ba2287e64e0d852c3f4c1ed43e9401b4

SHA256
35cdf417401c0ece835626bf8c3fb7cc3f9950e75624a337f9859b09f2fe5b3f

SHA512
6f8c9a7c0fa514447f5e50890947be837b46a8515830b772e04fe659456290033623fccce67a7f1df14540b61012732884581ffbd557389dbf558d93585044b7

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
67d4c037322cbef0d2ddae74f3fdee06

SHA1
3d7e8e35ba2287e64e0d852c3f4c1ed43e9401b4

SHA256
35cdf417401c0ece835626bf8c3fb7cc3f9950e75624a337f9859b09f2fe5b3f

SHA512
6f8c9a7c0fa514447f5e50890947be837b46a8515830b772e04fe659456290033623fccce67a7f1df14540b61012732884581ffbd557389dbf558d93585044b7

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
17e10bf784282fc17c4b040e84a4c700

SHA1
7ed27bbb2173c2ed73a8d49ba893a52f24c51b72

SHA256
e1213ba7e8f9486241c8415732bc7715d78c49f7214e29482e305096345f9552

SHA512
4b16bbdea73bfc947b16d8495a95c6098add302565b38c0de1582b1283eac1c40a20920ac4ad3db97b8aede6c045186f57d62c29974e2000ba9e3da0ee50bb1c

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
17e10bf784282fc17c4b040e84a4c700

SHA1
7ed27bbb2173c2ed73a8d49ba893a52f24c51b72

SHA256
e1213ba7e8f9486241c8415732bc7715d78c49f7214e29482e305096345f9552

SHA512
4b16bbdea73bfc947b16d8495a95c6098add302565b38c0de1582b1283eac1c40a20920ac4ad3db97b8aede6c045186f57d62c29974e2000ba9e3da0ee50bb1c

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
17e10bf784282fc17c4b040e84a4c700

SHA1
7ed27bbb2173c2ed73a8d49ba893a52f24c51b72

SHA256
e1213ba7e8f9486241c8415732bc7715d78c49f7214e29482e305096345f9552

SHA512
4b16bbdea73bfc947b16d8495a95c6098add302565b38c0de1582b1283eac1c40a20920ac4ad3db97b8aede6c045186f57d62c29974e2000ba9e3da0ee50bb1c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads