683ffb7c2afe7e5e6ec52ecb98e734ee61a692077ea752c11c184871334d81cf

Analysis

max time kernel
188s
max time network
223s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 20:38

Target

683ffb7c2afe7e5e6ec52ecb98e734ee61a692077ea752c11c184871334d81cf.exe
Size

61KB
MD5

027560a5e6b31c75f68ef9d25d016dd2
SHA1

57bd05fc996e7eda5f5ba8f198b5e7d731212382
SHA256

683ffb7c2afe7e5e6ec52ecb98e734ee61a692077ea752c11c184871334d81cf
SHA512

72b566855dcc9928e10148fb98df62c4cc7802b2b27373aa0332da0aa0ac8e49673a63b2b7718f4f2590075ea4ce9b03162e06c57622baa3c2c95db5db201b89
SSDEEP

1536:+ttdse4OcUmWQIvEPZo6E5sEFd29NQgA2wHle5:mdse4OlQZo6EKEFdGM2Sle5

Score

7^/10

Executes dropped EXE 4 IoCs

Loads dropped DLL 8 IoCs

pid	Process
2420	683ffb7c2afe7e5e6ec52ecb98e734ee61a692077ea752c11c184871334d81cf.exe
2420	683ffb7c2afe7e5e6ec52ecb98e734ee61a692077ea752c11c184871334d81cf.exe
2676	ewiuer2.exe
2676	ewiuer2.exe
2464	ewiuer2.exe
2464	ewiuer2.exe
1428	ewiuer2.exe
1428	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2676	2420	683ffb7c2afe7e5e6ec52ecb98e734ee61a692077ea752c11c184871334d81cf.exe	29
PID 2420 wrote to memory of 2676	2420	683ffb7c2afe7e5e6ec52ecb98e734ee61a692077ea752c11c184871334d81cf.exe	29
PID 2420 wrote to memory of 2676	2420	683ffb7c2afe7e5e6ec52ecb98e734ee61a692077ea752c11c184871334d81cf.exe	29
PID 2420 wrote to memory of 2676	2420	683ffb7c2afe7e5e6ec52ecb98e734ee61a692077ea752c11c184871334d81cf.exe	29
PID 2676 wrote to memory of 2464	2676	ewiuer2.exe	32
PID 2676 wrote to memory of 2464	2676	ewiuer2.exe	32
PID 2676 wrote to memory of 2464	2676	ewiuer2.exe	32
PID 2676 wrote to memory of 2464	2676	ewiuer2.exe	32
PID 2464 wrote to memory of 1428	2464	ewiuer2.exe	33
PID 2464 wrote to memory of 1428	2464	ewiuer2.exe	33
PID 2464 wrote to memory of 1428	2464	ewiuer2.exe	33
PID 2464 wrote to memory of 1428	2464	ewiuer2.exe	33
PID 1428 wrote to memory of 1788	1428	ewiuer2.exe	35
PID 1428 wrote to memory of 1788	1428	ewiuer2.exe	35
PID 1428 wrote to memory of 1788	1428	ewiuer2.exe	35
PID 1428 wrote to memory of 1788	1428	ewiuer2.exe	35

\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
47927998f196b1654c96e37fc9762bb9

SHA1
9763ca92ad9b90546af6722a2fcbc03da68537aa

SHA256
7a29b4d89b40b55008c27185ceb5899340d4b99771c1d1c5c2a76e9f065fe9f7

SHA512
f705d55fd35475d7767086c3e4637a7ab285a2ac6bd3cb6b5c6c4c9e9ccefb0ceeaeb840b85c9d818122276498be666fb5eaef88c78a4358f78c414074044454

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
36206086ce8e759224564f31562d7b48

SHA1
a512645989f241d82ab3ad15ae717cdc461abed6

SHA256
2d1519c1351ddc3d6488c6a539c0bd44b840e8c99e20525601dc0dee56f1b353

SHA512
64d6d7364d750006d41c67200b36c57fd7b877c845e769406f22fe65feb55e3627a88f90cae5c01fe5b5576813a144f4e06edc477a0e6bd40ff477c550534188

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
273480226e10413ce77d31d3864fac56

SHA1
d1da50514b51703237088cdbab8b2421bcac2456

SHA256
58bfaf8fe28fff1e0ed84260c16f640bf2242222006d79dd11510704458ad6f7

SHA512
6bc9f41b694774eaf53155b2c28ae5bcd63aa5723f8a271928cd138ef94de943b8599dc9b6ae02c769628719dd8579cb31de0d17f4b29f4ff1e8635f27cc3006

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
a6ab4b710085806d2d9086ecbb38af2d

SHA1
7dc0129e2e51df76fb1c2619c17d7b600e40e367

SHA256
fb1043e094efd2b4a5ca097d710f25e5933ed61fb6ff3d69e9a42506cd887cd1

SHA512
7e32206e62af5a7929bbd835eb1bf112dde0b8592cd0d8253f75762d1e4a88d7752b9c97bf8127a2f83fbf5fe585f9d04da48a3e7b97149cd1a389ad96664dbe

Download Submit