37cd4565e6391a815897017b13656b741eadadd956fd76686a1db80e3fbfdfd1

Analysis

max time kernel
147s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 01:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ewiuer2.exe
Size

61KB
MD5

619e43f7be3b12e7b615cc8ba15bb986
SHA1

cac1c4574acfe9a57072376fbcaba67db07067c6
SHA256

37cd4565e6391a815897017b13656b741eadadd956fd76686a1db80e3fbfdfd1
SHA512

65d050d206853d5b6a8d5eba0e982a4cb086644c046c96ba7b0dfa90cd92516a15b8efe7361efa3a72ba118730a41de872c4760715d926cc9d2e38e242b7436d
SSDEEP

768:8eJIvFKPZo2smEasjcj29NWngAHxcw9ppEaxglaX5uA:8QIvEPZo6Ead29NQgA2wQle5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2104	ewiuer2.exe
3032	ewiuer2.exe
880	ewiuer2.exe

Loads dropped DLL 6 IoCs

pid	Process
2080	ewiuer2.exe
2080	ewiuer2.exe
2104	ewiuer2.exe
2104	ewiuer2.exe
3032	ewiuer2.exe
3032	ewiuer2.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2104	2080	ewiuer2.exe	16
PID 2080 wrote to memory of 2104	2080	ewiuer2.exe	16
PID 2080 wrote to memory of 2104	2080	ewiuer2.exe	16
PID 2080 wrote to memory of 2104	2080	ewiuer2.exe	16
PID 2104 wrote to memory of 3032	2104	ewiuer2.exe	33
PID 2104 wrote to memory of 3032	2104	ewiuer2.exe	33
PID 2104 wrote to memory of 3032	2104	ewiuer2.exe	33
PID 2104 wrote to memory of 3032	2104	ewiuer2.exe	33
PID 3032 wrote to memory of 880	3032	ewiuer2.exe	32
PID 3032 wrote to memory of 880	3032	ewiuer2.exe	32
PID 3032 wrote to memory of 880	3032	ewiuer2.exe	32
PID 3032 wrote to memory of 880	3032	ewiuer2.exe	32

C:\Users\Admin\AppData\Local\Temp\ewiuer2.exe
"C:\Users\Admin\AppData\Local\Temp\ewiuer2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2104
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3032

C:\Users\Admin\AppData\Roaming\ewiuer2.exe
C:\Users\Admin\AppData\Roaming\ewiuer2.exe
1⤵
- Executes dropped EXE
PID:880
- C:\Windows\SysWOW64\ewiuer2.exe
  C:\Windows\System32\ewiuer2.exe
  2⤵
  PID:1652

C:\Users\Admin\AppData\Roaming\ewiuer2.exe
C:\Users\Admin\AppData\Roaming\ewiuer2.exe
1⤵
PID:2308

C:\Users\Admin\AppData\Roaming\ewiuer2.exe
C:\Users\Admin\AppData\Roaming\ewiuer2.exe
1⤵
PID:1512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\EO5CLS0J.txt

Filesize
223B

MD5
9f9cce84a58f812b6821853f1240797a

SHA1
c63319159232a3160341972826cf3efe9c5a23ee

SHA256
b02de04363bb876d662d827a43320dcdc82d87937407745691032fe4853aff3f

SHA512
18c47f3b81615a6d46aa1ee20d0910201bae66442b0ea424ba4336b25907d8d7e81354b87d078a26e1eda4229980ff6983fe2751af478a0a9fcd526b535df44e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NLPTIQEX.txt

Filesize
224B

MD5
c0a2cbc97f8e42bd4bfa6f187bd287bf

SHA1
a5366d3ceb6bd6e204987ec228bb2e2fccba2d34

SHA256
ff41d10e4266e4499b9ef9356a8232418d4195b738d7a1e15a7349670dd0da5e

SHA512
b30da3c1260411308b37ae90f1de75a7e547529094123e3a1f01c341d2e6760f7f512815c4756f3434a119ee61eb4e42caa79294deedb89ca8e0374ef262a93e

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
3KB

MD5
3ca9182a5fa0e501338b805085d93424

SHA1
7034c92338c9ea849a3bef9294ffd21d28983c16

SHA256
2ec7c6824b2b2d69ffe8b239715a83ef0a1f98d538a7c46486aba84015759a94

SHA512
6ce7bacca45d95be4eadb007f6a867f22a9064e8b614866716fd9781689739749ca2727274a74215aeb25c22ce3289aa94edd41f8cc2a50e2f81b32e7829813b

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
12KB

MD5
ea083f2553b9370dd846aa4d0fbcea81

SHA1
d1555da09d95c99a7fb36f62e0dc86cd2037dc53

SHA256
3a1d330936b9d1d8512e8303201b9dfb78c2b4f9a109e39b9547c4dada1fdfd5

SHA512
12f6477da877b8d6d24e238f094366a2b07db2f6e3f95c629d22693a8a163207f13c51bb73cdeff53a002600177e4f36a1ea53b9f85c31966b24b6dfe7a52dc1

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
7KB

MD5
9e5066dfef792c2a6de0f9e71cd1762c

SHA1
1afe044371a061107b5a6fdb91edb8a3815b6065

SHA256
5416fce9f9366faa01bc6a3fc7e4b4047c5d93e1c0f5c39a195e14c82c2a742b

SHA512
64ad1b5d08502686aa71f181a9af327bd3a1fb79abd87fc8953712acbd6f3d0e337d64235d6a8c0513e4ee22e94f8f538257105792c31c2e11cb83268f8e6ebd

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
5KB

MD5
7e787befbddad6def281830d02739c6b

SHA1
c9cc4794c6d40b5840cc89810ed54d0b3dbc3b97

SHA256
bddb95fac79b3d0dce19765d27773f005738667f9031424f60c06eec6f961d30

SHA512
cc40f6f4b89a238d95f3da8fa303cae49d94c5ecc91c0e81d8f027f730bd32e31315ee9dddf20008d026a18d7615e9e993cfca5ec8960a872c9e0df51dec2d91

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
10KB

MD5
4865cf1e33394e08c6e305df09a5dbd2

SHA1
491b39e742b19a3fbcbe1d936145cae3e65c622b

SHA256
272d2cfb7ca77c4fd761a8fb911254b1c7c3fd7656f33b2d5bf098db661208cb

SHA512
a85f3699fef3c10f4c032d82adf67f91d6009bd37ca914a9501107d4a3066f6e57a56677206a867193967ce79bcd43af67bdb163e8fdde8031398c8bb372e541

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
8KB

MD5
fa2b166cde588d57cb4ff99ea05b3b4b

SHA1
2b80e71081af57d8af6d996b733048c21fa3e461

SHA256
180c768702369df0408fa6793ebdfaf4c02b749cc5061cb3d1c4f8d37f449929

SHA512
57dc5a7d9bf3d11b8696326dc99ceb5819357e3ca986b5ced74a6ffe19c5fa2ed63f084ba0073b3dcad77adcf1451667829d0c117c65812779064e9ebe4593ef

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
1KB

MD5
8edbf18d51c06a19207b0dc7287b6a05

SHA1
3393a102f15b7cf1c530d14156902126990bb824

SHA256
295d0abc8076fbe555dc80e6d1c1285c005521d155a3f9cab9915d655f445847

SHA512
8a585b69c39d5daddd3421248a29eadb16b85bd62fdc9cb3bedcd86fa4c0c1b127d03a7b21bbca4cef3216549827cdf84de2331bcb6200e3d6f991501a17e32b

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
1KB

MD5
1f5749b50cd83df251bd5c7052d1cf93

SHA1
e2bbbbb1028d710857ec785196c2ead5b394afd1

SHA256
1c4e96f09dbe4ce27c4e2b73fa5c0ea37448f4b85f2cf043034fc632c4d696c0

SHA512
a5e706c566471b418f650538ad2869e2a9f4d1fba423e29a979f32fa6d4f3a9896d6ab9ebf5f216cfe13053a706afceae23dccceead53f289049ac88247d1380

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
8KB

MD5
9b1a7c03ea31ae6969f7720456078d28

SHA1
dc1f21d13b861d693ffafdebd652c2cd736fad78

SHA256
db541db34bb97d80b1675f44b768a0bc7f77491ff0137aed777dfc7da84558bb

SHA512
e5f0fabf4a7c26c0f821782375633cb4ad821106b68d8bbd51d12c8bef97232ab3e2a70ee0e8e4c15250ce6140964b96b8c1e86dcce8c5024e4352e76476f5e7

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
12KB

MD5
31bad90b51a9ab9a8aee8aa2ab2c0e02

SHA1
c4404af36a6ae8d8505ad54da49be0d3a4a6b199

SHA256
023361b0cf9eecad313514fd24ad4f079d06a2a17405356a1a8fe96283edc7dd

SHA512
5fc812f7ea453de2d100ad7919082761f3b9e02f9c99b6f55d2fb4275691442460e593d02a70b0cf3b05e8f16d735ca497f18063be759416486556718fe420ab

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
9KB

MD5
41ccd0a83802455c38775883a6f7082e

SHA1
e2d21bd137891ba5989a356b35e57c7d2d192ccb

SHA256
d5287c11b85408926a368991a50a43f199494bd375f910f7121d133123782d53

SHA512
dfa922892c8e519c48221064b983f66834d35b8993de40c991ebdcef086eb50baa4b825de4955395912fe7774cd2b4e185e3f506c13e10139ead8d23258310f9

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
25KB

MD5
d73a1499abfe296e4b449aac6b829904

SHA1
e4e19f8532e22c86c8064eee0fe720928373fab8

SHA256
708014231a9a4fdb84951e46c05d5e73a03d98adc53096c12d3f52664f534e55

SHA512
4f5ff6d3d02fac37e24e212c30ae73f2de28db083814fdb5e17f41492f652fa5273eeb6dfcb1700959b122aceafb8331d0ce5dccd4f23a4049378b78c46c3761

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
d480caa9053572bb2c76b7febf3c96b3

SHA1
8135163a187c03987624596131eae5f106980d13

SHA256
86a08e864dd727bf35cc426e503616f730fbd8efeeca49d4cfd21f62ed0dc649

SHA512
bb52efc21612ad8fc515d97e767663dd72ae17f8296bf8e54eb431a890411aea7da25fcb41b77ed0fa2afbb915e19d8aba8582dee8f6b4c120da6edc070fc78f

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
46KB

MD5
0fc2617b30f055dbe84f94f577023d61

SHA1
e2e8303a50ccf58d5df0c01d40e42d6d4ce13778

SHA256
cf97773feffdacb18c2ec5ba2e2b5fe2b589646420e247220865dd1f3e8f894b

SHA512
a04a5e15c373ebf9b122e7a7244284415dea18237f4de53e9e8a6de42aa6e75e0037e70fe784606694d03fa284de90cbdaeeed6e722fed51f7508e1b248501ed

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
56KB

MD5
050521cfc5ba4d5615e0b8768d9e3c8f

SHA1
578ee1d1bc09322a711ecaaaa796cc9f6d9e9f36

SHA256
9fad0a295490a919eb0e313540865bc82b260e3d0003598e1d7b9473b7d34b85

SHA512
c78eee4b5cecdc417a1a000cbb0a63e3c1035456c60ba4992ac23690bb456bb30c78cd34349e18f3d03026569ee6d8ab0310194e82a62eb5d485470d85566d99

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
10KB

MD5
4b3fd87cc528241dfefe42c48c07a1ae

SHA1
cd295a050fd667e575f32aabf8987de08b6a583f

SHA256
e88ada132033af30007749dbd720a312608071541f40556473d5c1849a7d703a

SHA512
e1a286bb8afe798c0187e836f48daaa9b02cf322447996279c275172ca8ce9b621447932d61190a4bc7c9828540d300861f4a16667664b8abb815b9d31a77f7a

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
12KB

MD5
2ae67fcedcc45f6dd0498d8413cfdf5b

SHA1
72d0e915bd6110df0a34435dc6d3d1efe1a5ab9e

SHA256
c6f327d0abd677509bf25b165eabb3db8b1266c22ebf5a143395ec28eb93dc8d

SHA512
c7388621947c5c77d4d191e3808db7ff4d8fad67be6e1d96cad5c0ea61127bf2ee73d021ab425a4fe017f70bab4622c413ebe41558e7d6909dd60c0e607032bf

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
5KB

MD5
181f2054a39c86a138256214bd67ff93

SHA1
a56347ad9495772dc5fae8ae16b0ee560cfb4cb2

SHA256
224d1a477a4bde6ac05a35167e8bae08eec81ae207af9e4e66301c74e8af50b9

SHA512
15bc00fea6d92339c8158ba0cf006d951a9baf7b6fe003b067153bf5f1009e029f783e1afba81f143bfa8e1ce7abbccf480c2515d96d024987270cfdfe743b32

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
17KB

MD5
f40e12269bb67a6eb17ae87249ece0dc

SHA1
6dc675ec9ab5afd441f6fcf9fbc4f7d0bfa174e3

SHA256
863aed935451bab124af1f326dcd33a03f54840b9f20330b56ae70c85bf2d333

SHA512
f026141bf4b50a7b2a63ce658ea159ce978af5b12ad94179e6fea2ec08f34abf332e41794b20a5376577f2887cc4a27eb39aca1c1480ae99747ec6104c9af95c

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
1KB

MD5
f28e816b9af577f09104a641e696ee53

SHA1
bcd65381c8c31d5049f6b713d8fd7589c3f66966

SHA256
1b11a9b52a76f7e77964ee4a4dd8a8d72ac6923522419d5a955e1a6146422f3b

SHA512
4e2960e5c5b88e250396c9172b51287def7f39d130660e3be14442e81fc9fe110cf630200b37f07cd3597e0d25ccca8bd333d13e1c5110f25845d249265352aa

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
31KB

MD5
d1a34447755ebfd27bc68cf5138a466d

SHA1
d910b9cfeec912c0c938516c5a96d189f59423d3

SHA256
325545ca033182cb76e9d7831561e3c9b6a637a7102c1131d882a9867a627067

SHA512
e918c882411a53b930044f0a3d2f339b7a81d960826ddac1e9463b4e419f8477bea1f64c0659d212d4345f601c25e89684f0768e055bc4e60591892e5775e7e1

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
30KB

MD5
624af54dfdeca8bf10b823a8b82b358c

SHA1
cb3f0bd4ae3c14b0d42947c1ae8fdb9345b3c6cd

SHA256
c80a4a3212e8bb987003ba2ea13f4c652f96c2a2c131678a37af4c68a80abf40

SHA512
c63e1ed51512d838cf1538e12fa0bbd35a493e2e04d7016fe31499ec5e4dcdded89f02e873b49fd3d4c939475b710d9deb3e2b976142eee258559b7c2f2ce751

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
27KB

MD5
11d8f7b53bef81ae2c67166868ced35a

SHA1
8f59e9f23b736cad3229f9f2ad498e05862f214e

SHA256
9226f4bc4323832f959670dfe5b436d677f5eb376bb6e58e07ab5718e463a0ac

SHA512
545bd2c52b182deece8a44abb4c666ce955f69d1044cf82261ef45db62490f6f681d2a8bb8593d58f8f1c5ae21a788c6efca25c63aeed530724d5c4ad9dd5efb

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
5KB

MD5
b0bf3eab7f0cf267a274f2c09843211c

SHA1
6564ca800f445187d53443f1f476f83abb36a7a6

SHA256
9d66e27115ad91ce72d0739dea2e5d3b0b24e26ec3047128b4842feb3b44914f

SHA512
9ee9cf4cfd27c5e467f42f15cc29b2cf594e22d84d1bcf084546396bde8ed39be790c7f80fa979b52b2dec79687d77c5ea64c922a9fa58670e6c793747850a6a

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
3KB

MD5
1418c1d4eb9c8e097a13f4fc9299f769

SHA1
99984ac6be9aa74fd7c93b302d7b38373507e475

SHA256
f84f3b1bf3920dabfacc038a1a44090cc0bd4d2dd696130182f494cf01679b8c

SHA512
8038e5ea5049ffd0d14b0a9765f18b440df3fe565e1950a984b042a450a52f7a154aac5b043356bda7b39ae04df668ad0c552cef9515aa79f69b4b6329a0d19f

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
18KB

MD5
2a42af22a59b5430eadf2b4b541a702f

SHA1
7a16b2c0b119262ef3856366fd7056aaeed4b6f9

SHA256
667942dd17c42c7246efb4b30963cb02b1d2a069d76ce4182c1a8aafdb486601

SHA512
3833b58fd75acfc6a73cfba0732ba4c32bb87fbd7f2aca0847f0f0c3fc786c92cf31b6b6a6f1a7d1f9df0c9d231e706578f8b33c6a0c7bd379e14fd303262bab

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
37KB

MD5
5c16d49fa1a089089a2ac7b2f8dde25d

SHA1
bfb6871e2c7aa847ccefe7ad2b093296e5f2a0c6

SHA256
f025e7d15146950d221e3770b81bfc600cfaa1698b7b08206a68d55695eadbd6

SHA512
d680ff6b34e738c331704c2286d89d482eec757609378fea2f31aa44d9c957e69f2f75c4632d12cd536b6325d0145a3af3629ea01447211bc568c72bbded260a

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
48KB

MD5
28e8e78747994b8c9eb29337adf18ea2

SHA1
0cb5da6e9af598c28dd679de2da3889a892e53cf

SHA256
69b4d93ef4a86acff70ffaa62b890f7929ffd7a201fc8dd32c78802175775f4d

SHA512
7aad6568ff492416501fd8675444f829a95318f89fd863b8884bcc7f3540ba90ade57133ddb9f09a5dcf572ef9d47f760ad32fa2a9867e0f0621de57cb41ef40

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
5KB

MD5
6823ea4e36eb55a51790381344ab9a83

SHA1
59c3d2f035d2ccc161086590b690a5cc292a244b

SHA256
137b27a8a5d5e66dd56dec009843161590b498bd51682244f1c848e48c533958

SHA512
31a241571e1a0482f2863934dda57fffb207c539581112b7b94833a91abaed5f79e492f3853c21eb05291450ae8e66940ebcf64f6d84bdddefa6371bca87347b

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
18KB

MD5
1adaac0098520154f5f93ae2f75c0f89

SHA1
e93be1e2e7aeb9889b89f42487cce53daefd9ffe

SHA256
311630e603d40b452bd75b5d17de873346d6f99cd81a1f90f4b7548e72176688

SHA512
5cf4122ca0170388e7b595db43168086d7aa3a2f3765a1539d6672844fc6e4790d8926179771ed3fbfa1242aabf4f214b768b1d8fdff8235176c57ba6756cf18

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
1KB

MD5
0c04d7671b24b97fca0d3158d22e5be9

SHA1
34215643ae48e08787a58a60317120608c421a65

SHA256
7b40c8b6571962dcad2f0162da9717268ebd6f61a07a9401e40cbb261fc38204

SHA512
3d745cb192339afa1bdc6d44227ac109954179f8b0d8a5ecd981228ffdd7458c832afc140cab1d7e0c7e38f76e03395839492edb7910e823c501630b7d2d0f43

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
1KB

MD5
5133cdf6e2f9af60cefb4bea92910b20

SHA1
ad042d7d33352cf37acdc7c3aba75a518f372525

SHA256
dea4969d7c0001ed2cc5489fdc086babc1263ce4503fe26594e954e80a1e5056

SHA512
e093749a10b551a4c88df58cdc0e6a647051d0f378df1448bc9e162e8702934878d89054580803277d7964096e5c803cefb6cb9d9800573d5cf5ff3b826600e6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads