c8c1317e92d7cecf33854434715e93ecbc52a7d41cca6308166b37fda520c246

Analysis

max time kernel
143s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8c1317e92d7cecf33854434715e93ecbc52a7d41cca6308166b37fda520c246.exe
Size

61KB
MD5

5d5c865544d4451d7e82b15a8104e8f5
SHA1

77fc27c275d341d3a03f87fa3d420734b1e541c7
SHA256

c8c1317e92d7cecf33854434715e93ecbc52a7d41cca6308166b37fda520c246
SHA512

c20d3e0251c7e09fa50f3bee98faffdd49bf262baff6506cdc0405882a8bc40b817c060d9ae6b8dbb392ff611a74f9e5b0caafb709e54804f43d1cefbe221479
SSDEEP

768:veJIvFKPZo2smEasjcj29NWngAHxcw9ppEaxglaX5uA:vQIvEPZo6Ead29NQgA2wQle5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
2904	ewiuer2.exe
2568	ewiuer2.exe
1484	ewiuer2.exe
1968	ewiuer2.exe
1676	ewiuer2.exe
2968	ewiuer2.exe
1672	ewiuer2.exe

Loads dropped DLL 14 IoCs

pid	Process
2876	c8c1317e92d7cecf33854434715e93ecbc52a7d41cca6308166b37fda520c246.exe
2876	c8c1317e92d7cecf33854434715e93ecbc52a7d41cca6308166b37fda520c246.exe
2904	ewiuer2.exe
2904	ewiuer2.exe
2568	ewiuer2.exe
2568	ewiuer2.exe
1484	ewiuer2.exe
1484	ewiuer2.exe
1968	ewiuer2.exe
1968	ewiuer2.exe
1676	ewiuer2.exe
1676	ewiuer2.exe
2968	ewiuer2.exe
2968	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 2904	2876	c8c1317e92d7cecf33854434715e93ecbc52a7d41cca6308166b37fda520c246.exe	28
PID 2876 wrote to memory of 2904	2876	c8c1317e92d7cecf33854434715e93ecbc52a7d41cca6308166b37fda520c246.exe	28
PID 2876 wrote to memory of 2904	2876	c8c1317e92d7cecf33854434715e93ecbc52a7d41cca6308166b37fda520c246.exe	28
PID 2876 wrote to memory of 2904	2876	c8c1317e92d7cecf33854434715e93ecbc52a7d41cca6308166b37fda520c246.exe	28
PID 2904 wrote to memory of 2568	2904	ewiuer2.exe	32
PID 2904 wrote to memory of 2568	2904	ewiuer2.exe	32
PID 2904 wrote to memory of 2568	2904	ewiuer2.exe	32
PID 2904 wrote to memory of 2568	2904	ewiuer2.exe	32
PID 2568 wrote to memory of 1484	2568	ewiuer2.exe	33
PID 2568 wrote to memory of 1484	2568	ewiuer2.exe	33
PID 2568 wrote to memory of 1484	2568	ewiuer2.exe	33
PID 2568 wrote to memory of 1484	2568	ewiuer2.exe	33
PID 1484 wrote to memory of 1968	1484	ewiuer2.exe	35
PID 1484 wrote to memory of 1968	1484	ewiuer2.exe	35
PID 1484 wrote to memory of 1968	1484	ewiuer2.exe	35
PID 1484 wrote to memory of 1968	1484	ewiuer2.exe	35
PID 1968 wrote to memory of 1676	1968	ewiuer2.exe	36
PID 1968 wrote to memory of 1676	1968	ewiuer2.exe	36
PID 1968 wrote to memory of 1676	1968	ewiuer2.exe	36
PID 1968 wrote to memory of 1676	1968	ewiuer2.exe	36
PID 1676 wrote to memory of 2968	1676	ewiuer2.exe	38
PID 1676 wrote to memory of 2968	1676	ewiuer2.exe	38
PID 1676 wrote to memory of 2968	1676	ewiuer2.exe	38
PID 1676 wrote to memory of 2968	1676	ewiuer2.exe	38
PID 2968 wrote to memory of 1672	2968	ewiuer2.exe	39
PID 2968 wrote to memory of 1672	2968	ewiuer2.exe	39
PID 2968 wrote to memory of 1672	2968	ewiuer2.exe	39
PID 2968 wrote to memory of 1672	2968	ewiuer2.exe	39

C:\Users\Admin\AppData\Local\Temp\c8c1317e92d7cecf33854434715e93ecbc52a7d41cca6308166b37fda520c246.exe
"C:\Users\Admin\AppData\Local\Temp\c8c1317e92d7cecf33854434715e93ecbc52a7d41cca6308166b37fda520c246.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2568
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:1484
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1968
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1676
        
        C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2968
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        8⤵
        Executes dropped EXE
        
        PID:1672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\LGGD3CN4.txt

Filesize
229B

MD5
666f126c524490802a39d641f3632670

SHA1
37384892691f66f61a25fbf28b1c8377d7e79669

SHA256
a2b885a2866f79f41cc3147bcb91f9b50f162262ac7c8b7e9c788ecc04dde10c

SHA512
5752424cc719879a085d5ae1e01fefc7092b3703ca45a12647a0ae6c938b3f923e565b7391cf0b340a22c1d42bb90e732df5dc210ae3b3ddccf63e421264e998

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\QGTARW6C.txt

Filesize
227B

MD5
fdd345fae76477c5bb1e8a300dfbc71f

SHA1
8d38a106a118a1ee47653350471d76babe487cea

SHA256
042e66c8d2f3ff0635d18307c31e86a4f3f0ae0f0741c29abe11511f4cf0b86f

SHA512
3eac60b73fe9b9e833c4ee94213fe8fae2957c40eaffd62a3d6ee632bb2e2268cadc70a3e997c5b0d2e5c46884820cbf7d0ff16e1e738fef6b633d678cea1237

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
a0605ee63628931195a14ccb1aab3948

SHA1
35881267085f98a0a046df4b34e8983c3e1ef883

SHA256
464b60c31f5e5202bb72e0c15aa2d8d75431298f1be0432617a6058378345d10

SHA512
cd0f32a41ff859b379961e4aa82cbd15742793c3006657bd0f8e3b3764cfbff8b820df3fa364f71031aad5cd8cc542d741af44ecfb071a3daad2aa226c407e76

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
b946d8422b42da863fdebd6e93790707

SHA1
bdb5fdc3a84bda761eca588bf3c7c0c7bf5856e1

SHA256
a905004c2f8f4a40fe900fa4d127f13c5af9588cc7ff6c74aef7324707ce2677

SHA512
844c6024b30e6e76ddd1ffab4f859471b981a34df54220fbc999f49c67439cd566a80a610f42937033f23974669b4d9b84d1ee299061f6715582feaaa4c1eced

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
b79c89ef35fc9df4eb52d8adf9916e61

SHA1
323149c85bd7aaef342a60b598bb035e6ccfb651

SHA256
1940815ae2fa1995d5ea4dd939264de2737cdcb456dd7400a157770d86baf31e

SHA512
6b4f98bf8fab2138ccb689c9309beda8f4682ddb809af8f2bbe131203e4d1a72d48da9a345ede5e2d7aae1b641256ea43b63ff4b9306b34aca85ef293673fcd2

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
bccd87d53ef756e5c3c833d6d673a16a

SHA1
d4651ad80dc292c3c5f532b150a98953da32ad7b

SHA256
ed5a015a9e2678fbd2e81d912a71301730156d043ab8c5b58a27fe916a0d7914

SHA512
710addff7dcbce1047dcd7cc4c92de209ddaff99278461e8d77c9ab20b3f453e8e0c44ac85088ee393cbb824d0b124d70c6feac919aa5d1278325ff130173131

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
de06adf33a0946c2b056c1fa297e9527

SHA1
8aab1884ce9f56d141b3226f1bd53ef4af86de1e

SHA256
8f7593ec0bff4175cff350697454250136ed797f510ee5a6457b47d17dcf8029

SHA512
026b62c1d79895aa2d4cf3fdbeb0825917e468cd2b99d467af1d98387578e2aedcc420c6346a90a0f2334521feb634ed83bbb4e50226cf8a24fe5d636d8ad6b4

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
8f8680a0a8a17400692e2fa0e4bb5973

SHA1
d5b2bd90773325e58809e175b893036e9e9267c7

SHA256
9ee4bf32c456d8b41c282d8c41e104ec880f1f4818f04f5305ac7cd80cb35263

SHA512
76b51d81fa8a3cdb5e3233c8c02f808ba1bec49b803b0bd4210eb8fa8f8964e50691b16b85842270ee5a89fe2e901fae6b5401733d934b38b5f7f12e6c8a8bcb

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
02f52b6010313682c13325e60a1f8726

SHA1
957dd48537b2cbb72ef8bd2c2b76fd914fda1c0d

SHA256
62a0142408f3c62c7e30417645aa7f6f893466698fe654750710262db3b5de0f

SHA512
8afe00122775d14728b1b417986b9fe5b834daa67ef5150dc5142f0575b39fb227415e06bc7fe813ccad648ecdfa2761c54a19354d97970d98a4609752367be1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads