f7c5bd44e5c7b1a109f7f52d4e1f3273d90f81492eb7e795577c6179ffce59e6

Analysis

max time kernel
142s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/04/2024, 05:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f7c5bd44e5c7b1a109f7f52d4e1f3273d90f81492eb7e795577c6179ffce59e6.exe
Size

61KB
MD5

56570b1c47a2365a313e725da8c6ee82
SHA1

330c7c9421a425d9dd2635e2cbc0c0c806e0d8a6
SHA256

f7c5bd44e5c7b1a109f7f52d4e1f3273d90f81492eb7e795577c6179ffce59e6
SHA512

45d344b350538b37b14d8291c99ad32c35c349d7d83f7d084c14ebba43134b07a9375be427e0c092fa4de770bacb8b1f1cf2f58f21c6be99a6f07146c143089c
SSDEEP

768:OeJIvFKPZo2smEasjcj29NWngAHxcwKppEaxglaX5uA:OQIvEPZo6Ead29NQgA2wzle5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
2120	ewiuer2.exe
2752	ewiuer2.exe
2828	ewiuer2.exe
668	ewiuer2.exe
1504	ewiuer2.exe
3036	ewiuer2.exe
1556	ewiuer2.exe

Loads dropped DLL 14 IoCs

pid	Process
2004	f7c5bd44e5c7b1a109f7f52d4e1f3273d90f81492eb7e795577c6179ffce59e6.exe
2004	f7c5bd44e5c7b1a109f7f52d4e1f3273d90f81492eb7e795577c6179ffce59e6.exe
2120	ewiuer2.exe
2120	ewiuer2.exe
2752	ewiuer2.exe
2752	ewiuer2.exe
2828	ewiuer2.exe
2828	ewiuer2.exe
668	ewiuer2.exe
668	ewiuer2.exe
1504	ewiuer2.exe
1504	ewiuer2.exe
3036	ewiuer2.exe
3036	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2120	2004	f7c5bd44e5c7b1a109f7f52d4e1f3273d90f81492eb7e795577c6179ffce59e6.exe	28
PID 2004 wrote to memory of 2120	2004	f7c5bd44e5c7b1a109f7f52d4e1f3273d90f81492eb7e795577c6179ffce59e6.exe	28
PID 2004 wrote to memory of 2120	2004	f7c5bd44e5c7b1a109f7f52d4e1f3273d90f81492eb7e795577c6179ffce59e6.exe	28
PID 2004 wrote to memory of 2120	2004	f7c5bd44e5c7b1a109f7f52d4e1f3273d90f81492eb7e795577c6179ffce59e6.exe	28
PID 2120 wrote to memory of 2752	2120	ewiuer2.exe	32
PID 2120 wrote to memory of 2752	2120	ewiuer2.exe	32
PID 2120 wrote to memory of 2752	2120	ewiuer2.exe	32
PID 2120 wrote to memory of 2752	2120	ewiuer2.exe	32
PID 2752 wrote to memory of 2828	2752	ewiuer2.exe	33
PID 2752 wrote to memory of 2828	2752	ewiuer2.exe	33
PID 2752 wrote to memory of 2828	2752	ewiuer2.exe	33
PID 2752 wrote to memory of 2828	2752	ewiuer2.exe	33
PID 2828 wrote to memory of 668	2828	ewiuer2.exe	35
PID 2828 wrote to memory of 668	2828	ewiuer2.exe	35
PID 2828 wrote to memory of 668	2828	ewiuer2.exe	35
PID 2828 wrote to memory of 668	2828	ewiuer2.exe	35
PID 668 wrote to memory of 1504	668	ewiuer2.exe	36
PID 668 wrote to memory of 1504	668	ewiuer2.exe	36
PID 668 wrote to memory of 1504	668	ewiuer2.exe	36
PID 668 wrote to memory of 1504	668	ewiuer2.exe	36
PID 1504 wrote to memory of 3036	1504	ewiuer2.exe	38
PID 1504 wrote to memory of 3036	1504	ewiuer2.exe	38
PID 1504 wrote to memory of 3036	1504	ewiuer2.exe	38
PID 1504 wrote to memory of 3036	1504	ewiuer2.exe	38
PID 3036 wrote to memory of 1556	3036	ewiuer2.exe	39
PID 3036 wrote to memory of 1556	3036	ewiuer2.exe	39
PID 3036 wrote to memory of 1556	3036	ewiuer2.exe	39
PID 3036 wrote to memory of 1556	3036	ewiuer2.exe	39

C:\Users\Admin\AppData\Local\Temp\f7c5bd44e5c7b1a109f7f52d4e1f3273d90f81492eb7e795577c6179ffce59e6.exe
"C:\Users\Admin\AppData\Local\Temp\f7c5bd44e5c7b1a109f7f52d4e1f3273d90f81492eb7e795577c6179ffce59e6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2120
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2828
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:668
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1504
        
        C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:3036
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        8⤵
        Executes dropped EXE
        
        PID:1556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\B77VISC2.txt

Filesize
229B

MD5
1dfdee271e19096911dd29284e31e411

SHA1
30f29a0a3d77c2c562ef56c15e5b037f234f45eb

SHA256
6af55370f88e257c3d5ccf92cc152c3ed8f7dc827dea153e5e71bffc680f3dab

SHA512
6b2396cc50e275f69a194f2dbcada43d1dc437007da2b945c37725858deceaf8d22afd6b147f58156ff080046111ec8a52e9088becadf13e6eaeefb4e4ecd790

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\GOK8FDAD.txt

Filesize
227B

MD5
8fb51bb45fb8beaeed0db35123572018

SHA1
1ca782de55874c660fdf9f5f33c95013f6972f41

SHA256
f6798de77a3449a51da81ba03710d543359ba4f5c15603f3a952223b541cb51a

SHA512
18d4e75a21e75319aea1a83b669c73229c8ac6291fb73366543318d3b6821c4ccd62a93678b22ec5a5aed8d4a1decac6af5b30da5764d2fbac99a9d7490a9af3

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
c7b6c62a17830d3d8c4a517035b8d55e

SHA1
947570a75c10c59966991d1f700e2afa68687f6a

SHA256
6abfc12ae0a9ec202f95ad5d7531a679611981a4cf75dcb26a7b8878ec8b6cac

SHA512
d115585c597ab453427622e617afb2b625a1638c96e06d8967a2cde666a6a759b2771a824b09ba730990ebf01fe451e674d16ce0437a18ca0ebba2fb9b0cce25

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
6c67d3479d23a15694996e2ef5ca522e

SHA1
90594a324f7b42702b0f99edf30087cbb0302f85

SHA256
c8379ed6dca7ebf18849d1c9455591f9a5b37c875ab57efc3f13d7b2ba4a2321

SHA512
149609e3d2e5e0ae113592ed615fa7960f6ac42db7c0d8f001e0622b12887dff2bdeba8187104eddee1c16010d0725207ee5617841bc01334f7878541e71c4f4

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
dc4d2520071a066fd01c4567d390bab4

SHA1
1f876cbe10263680d04e4b3fa5e811caf898b81a

SHA256
3ce92e3a5ce2845aced64b6b413b0b17bc7b247af0db6d4b6c58eed9fa4e22e8

SHA512
faea88f2d5937945e51f98b8775538da4e195cc8a280ad0ee7c11ec0484f4e81685fd8907162acb91eb5f5c4056bd34a7a350bd656deb94bf624f6a2a0a0f1de

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
80a84b697e5d10eddb5bc009be1261ae

SHA1
215cc8b8f366586c5873dc40e375c374f8517d85

SHA256
8b43b2a9c7f0155f056297b5886188bf8067d9b1298f820e32ae60bf9bbe2210

SHA512
ea20cfc46a38684cb3652b1ea49d7d1ee144f2c3ac98ee0ec0ce94f2b5209d012d1f542488080f9624e1537e78bd0b343599ba5418b29519dcc73596ef5c1d4c

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
979a754be6cb67eeef048db1f54d9b24

SHA1
31ab964c04f2fa829adffcfca6788640be6f6bf4

SHA256
1abc3cdd017c21e461767604f3a11b8c84023503995e2d1c84f989f15d95cf28

SHA512
1cabcdcddd5db346781ef717d1a24b94b1c00a2bdb85512b8f972fae0edd95ccac9a2c4ccd17fac0be0b9d854169cf6d9d70d78217703d445d1a9bf2a66541dc

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
40eb6fb26a0a0b74910a31e1e0478b16

SHA1
fecdf37f1fe895777c12f8197cecbd9f05fb73a5

SHA256
68c964ac6509e76bf886b0434eb706a33a3f372cbe442e2a6994e428e0f6dbdd

SHA512
4c578710b49a70dc924bdd9647896fd5a156624ed9f134d3e14bd62a3f4beb9ee01c2c05a6a8ae0354676211923a4bea2612e4c84ff05918b0bd6a0b5b378243

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
51ddbb5b87dd8d22a892aae6602c02d1

SHA1
078838cb0b591efbeb394589726f1f11bfc1794a

SHA256
1b39236dcb082aec7ff6d7a967ef8a4dc89dd6bda4706cc384d10cc0a9aa9ea0

SHA512
fe031d98e2e7164121f868bb79cbc6d1e879d533ce9993aa6badcc9ebacbcb05468303a929e49c43d0d96685ae80c255915e090287f032aba47e7ccf3fe7e869

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads