9779261876e2c920dc4c80964ca9bab905af200eca079fe5374151a95d374885

Analysis

max time kernel
176s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
03/11/2023, 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.3a71bd81036cc1b4f48e05df843a8730.exe
Size

61KB
MD5

3a71bd81036cc1b4f48e05df843a8730
SHA1

e8318e80be79edc479f1929bc010fe6c5df304f6
SHA256

9779261876e2c920dc4c80964ca9bab905af200eca079fe5374151a95d374885
SHA512

633e1d26e59253ea0e5a772640aa8811de940f117fe1f2f65c9e7c08889bde65ba444ec9c687c4f15766366693e332a79e0a160a65ce1a635d0289db2c2008e1
SSDEEP

768:oeJIvFKPZo2smEasjcj29NWngAHxcw9ppEaxglaX5uA:oQIvEPZo6Ead29NQgA2wQle5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
4180	ewiuer2.exe
2904	ewiuer2.exe
1416	ewiuer2.exe
2312	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3552 wrote to memory of 4180	3552	NEAS.3a71bd81036cc1b4f48e05df843a8730.exe	91
PID 3552 wrote to memory of 4180	3552	NEAS.3a71bd81036cc1b4f48e05df843a8730.exe	91
PID 3552 wrote to memory of 4180	3552	NEAS.3a71bd81036cc1b4f48e05df843a8730.exe	91
PID 4180 wrote to memory of 2904	4180	ewiuer2.exe	107
PID 4180 wrote to memory of 2904	4180	ewiuer2.exe	107
PID 4180 wrote to memory of 2904	4180	ewiuer2.exe	107
PID 2904 wrote to memory of 1416	2904	ewiuer2.exe	108
PID 2904 wrote to memory of 1416	2904	ewiuer2.exe	108
PID 2904 wrote to memory of 1416	2904	ewiuer2.exe	108
PID 1416 wrote to memory of 2312	1416	ewiuer2.exe	110
PID 1416 wrote to memory of 2312	1416	ewiuer2.exe	110
PID 1416 wrote to memory of 2312	1416	ewiuer2.exe	110

C:\Users\Admin\AppData\Local\Temp\NEAS.3a71bd81036cc1b4f48e05df843a8730.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.3a71bd81036cc1b4f48e05df843a8730.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3552
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4180
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2904
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:1416
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
8a0f9c6b488636c55325594a4be3d16e

SHA1
4f973e88585cfbfc16032861c7117fd65cb3ca8d

SHA256
87c9fd50622c71e30c24204e11d488f08cf5cc39b62ec8aba2b70be3eea73330

SHA512
cc00bcca737f6b4ca59dd6eb09edd7930c8e3feb4a878f3beac5b8ce0329f51a89431c91c40397aa089aca040ebe0a70c361bd428d40debb81f8acee1d3ba9a7

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
8a0f9c6b488636c55325594a4be3d16e

SHA1
4f973e88585cfbfc16032861c7117fd65cb3ca8d

SHA256
87c9fd50622c71e30c24204e11d488f08cf5cc39b62ec8aba2b70be3eea73330

SHA512
cc00bcca737f6b4ca59dd6eb09edd7930c8e3feb4a878f3beac5b8ce0329f51a89431c91c40397aa089aca040ebe0a70c361bd428d40debb81f8acee1d3ba9a7

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
8a0f9c6b488636c55325594a4be3d16e

SHA1
4f973e88585cfbfc16032861c7117fd65cb3ca8d

SHA256
87c9fd50622c71e30c24204e11d488f08cf5cc39b62ec8aba2b70be3eea73330

SHA512
cc00bcca737f6b4ca59dd6eb09edd7930c8e3feb4a878f3beac5b8ce0329f51a89431c91c40397aa089aca040ebe0a70c361bd428d40debb81f8acee1d3ba9a7

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
8a0f9c6b488636c55325594a4be3d16e

SHA1
4f973e88585cfbfc16032861c7117fd65cb3ca8d

SHA256
87c9fd50622c71e30c24204e11d488f08cf5cc39b62ec8aba2b70be3eea73330

SHA512
cc00bcca737f6b4ca59dd6eb09edd7930c8e3feb4a878f3beac5b8ce0329f51a89431c91c40397aa089aca040ebe0a70c361bd428d40debb81f8acee1d3ba9a7

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
8368b30f29fe2b817bf6ce21c9cefeac

SHA1
2343a54e77c199c4b2498b1d89969876be5688a2

SHA256
8763e3181c5ca7e4def6f4abaae31e0f1ba31750d4eb07715f653031fa9bdb42

SHA512
1b1c8f8fde6125c0acf8492affacf2d351bae931c35bf54ee103f09fc3d95b4fa00a62af245a9d26e2344c3c0ab312ef3e4291b4379aed161c9e05e16f9b9add

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
8368b30f29fe2b817bf6ce21c9cefeac

SHA1
2343a54e77c199c4b2498b1d89969876be5688a2

SHA256
8763e3181c5ca7e4def6f4abaae31e0f1ba31750d4eb07715f653031fa9bdb42

SHA512
1b1c8f8fde6125c0acf8492affacf2d351bae931c35bf54ee103f09fc3d95b4fa00a62af245a9d26e2344c3c0ab312ef3e4291b4379aed161c9e05e16f9b9add

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
3a71bd81036cc1b4f48e05df843a8730

SHA1
e8318e80be79edc479f1929bc010fe6c5df304f6

SHA256
9779261876e2c920dc4c80964ca9bab905af200eca079fe5374151a95d374885

SHA512
633e1d26e59253ea0e5a772640aa8811de940f117fe1f2f65c9e7c08889bde65ba444ec9c687c4f15766366693e332a79e0a160a65ce1a635d0289db2c2008e1

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
3a71bd81036cc1b4f48e05df843a8730

SHA1
e8318e80be79edc479f1929bc010fe6c5df304f6

SHA256
9779261876e2c920dc4c80964ca9bab905af200eca079fe5374151a95d374885

SHA512
633e1d26e59253ea0e5a772640aa8811de940f117fe1f2f65c9e7c08889bde65ba444ec9c687c4f15766366693e332a79e0a160a65ce1a635d0289db2c2008e1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads