c8c1317e92d7cecf33854434715e93ecbc52a7d41cca6308166b37fda520c246

Analysis

max time kernel
147s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 02:46

Target

c8c1317e92d7cecf33854434715e93ecbc52a7d41cca6308166b37fda520c246.exe
Size

61KB
MD5

5d5c865544d4451d7e82b15a8104e8f5
SHA1

77fc27c275d341d3a03f87fa3d420734b1e541c7
SHA256

c8c1317e92d7cecf33854434715e93ecbc52a7d41cca6308166b37fda520c246
SHA512

c20d3e0251c7e09fa50f3bee98faffdd49bf262baff6506cdc0405882a8bc40b817c060d9ae6b8dbb392ff611a74f9e5b0caafb709e54804f43d1cefbe221479
SSDEEP

768:veJIvFKPZo2smEasjcj29NWngAHxcw9ppEaxglaX5uA:vQIvEPZo6Ead29NQgA2wQle5

Score

7^/10

Executes dropped EXE 2 IoCs

pid	Process
1556	ewiuer2.exe
4376	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 1556	2408	c8c1317e92d7cecf33854434715e93ecbc52a7d41cca6308166b37fda520c246.exe	90
PID 2408 wrote to memory of 1556	2408	c8c1317e92d7cecf33854434715e93ecbc52a7d41cca6308166b37fda520c246.exe	90
PID 2408 wrote to memory of 1556	2408	c8c1317e92d7cecf33854434715e93ecbc52a7d41cca6308166b37fda520c246.exe	90
PID 1556 wrote to memory of 4376	1556	ewiuer2.exe	100
PID 1556 wrote to memory of 4376	1556	ewiuer2.exe	100
PID 1556 wrote to memory of 4376	1556	ewiuer2.exe	100

C:\Users\Admin\AppData\Local\Temp\c8c1317e92d7cecf33854434715e93ecbc52a7d41cca6308166b37fda520c246.exe
"C:\Users\Admin\AppData\Local\Temp\c8c1317e92d7cecf33854434715e93ecbc52a7d41cca6308166b37fda520c246.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1556
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1316 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
1⤵
PID:2276

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
a0605ee63628931195a14ccb1aab3948

SHA1
35881267085f98a0a046df4b34e8983c3e1ef883

SHA256
464b60c31f5e5202bb72e0c15aa2d8d75431298f1be0432617a6058378345d10

SHA512
cd0f32a41ff859b379961e4aa82cbd15742793c3006657bd0f8e3b3764cfbff8b820df3fa364f71031aad5cd8cc542d741af44ecfb071a3daad2aa226c407e76

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
b089f2736c554b5ee47ba0f6c40b1e89

SHA1
8485e4d06ef90e8df70535e079466cda466fc4c2

SHA256
d33b6c8cfe7c00db58a6b48a6165517449fee96038e2291fac0cc660bf4d7409

SHA512
ff3811fb6eb409156adb9a473a03a0fef24211e2fe3dcd1b7bfa59be376b1e49f5854c9538546ee9ad2dde80ea6c56e67f1c318580ce2d69c0c5fb93bdf2cb8a

Download Submit