7377e8a5d22b14355151f2df7ba44138d8a5738f424a65ee152511ea02dc5169

General

Target

7377e8a5d22b14355151f2df7ba44138d8a5738f424a65ee152511ea02dc5169.exe
Size

61KB
MD5

a9687be522b33168666eb1786f620836
SHA1

923ce6bd67ea81b1f86c24296591da4125928e2a
SHA256

7377e8a5d22b14355151f2df7ba44138d8a5738f424a65ee152511ea02dc5169
SHA512

9445ced2515827feb0b22db89b0ed9a70c80db0dcf47ece2d9e12fcdb5a7fd8a725fb58891d64578c0c4b826c68dc39cb0a890a84064d051220efa02ca173669
SSDEEP

1536:tttdse4OcUmWQIvEPZo6E5sEFd29NQgA2wnle5:ldse4OlQZo6EKEFdGM2+le5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1680	ewiuer2.exe
2796	ewiuer2.exe
2468	ewiuer2.exe
2188	ewiuer2.exe

Loads dropped DLL 8 IoCs

pid	Process
2944	7377e8a5d22b14355151f2df7ba44138d8a5738f424a65ee152511ea02dc5169.exe
2944	7377e8a5d22b14355151f2df7ba44138d8a5738f424a65ee152511ea02dc5169.exe
1680	ewiuer2.exe
1680	ewiuer2.exe
2796	ewiuer2.exe
2796	ewiuer2.exe
2468	ewiuer2.exe
2468	ewiuer2.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 1680	2944	7377e8a5d22b14355151f2df7ba44138d8a5738f424a65ee152511ea02dc5169.exe	28
PID 2944 wrote to memory of 1680	2944	7377e8a5d22b14355151f2df7ba44138d8a5738f424a65ee152511ea02dc5169.exe	28
PID 2944 wrote to memory of 1680	2944	7377e8a5d22b14355151f2df7ba44138d8a5738f424a65ee152511ea02dc5169.exe	28
PID 2944 wrote to memory of 1680	2944	7377e8a5d22b14355151f2df7ba44138d8a5738f424a65ee152511ea02dc5169.exe	28
PID 1680 wrote to memory of 2796	1680	ewiuer2.exe	30
PID 1680 wrote to memory of 2796	1680	ewiuer2.exe	30
PID 1680 wrote to memory of 2796	1680	ewiuer2.exe	30
PID 1680 wrote to memory of 2796	1680	ewiuer2.exe	30
PID 2796 wrote to memory of 2468	2796	ewiuer2.exe	31
PID 2796 wrote to memory of 2468	2796	ewiuer2.exe	31
PID 2796 wrote to memory of 2468	2796	ewiuer2.exe	31
PID 2796 wrote to memory of 2468	2796	ewiuer2.exe	31
PID 2468 wrote to memory of 2188	2468	ewiuer2.exe	35
PID 2468 wrote to memory of 2188	2468	ewiuer2.exe	35
PID 2468 wrote to memory of 2188	2468	ewiuer2.exe	35
PID 2468 wrote to memory of 2188	2468	ewiuer2.exe	35

C:\Users\Admin\AppData\Local\Temp\7377e8a5d22b14355151f2df7ba44138d8a5738f424a65ee152511ea02dc5169.exe
"C:\Users\Admin\AppData\Local\Temp\7377e8a5d22b14355151f2df7ba44138d8a5738f424a65ee152511ea02dc5169.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1680
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2468
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BH9NOMBV.txt

Filesize
230B

MD5
a8d849bded1fb46d476b667b0e148ecf

SHA1
1462ade03d32d2d649d676db37ecad46e78644e6

SHA256
ed3266f6b29f7aee178f94d585b9cfca049ffd95cf050ba1980a23c8fe9dedcf

SHA512
e6d01f0d5f3233df871c3bcf21799c399f1d32b6615b5ac3c9d1b7740c78c1013fb6cf7883d67ba46e48b9548cc33286cfdc9928f77b55d088a080dddc2daf65

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\J574BZVF.txt

Filesize
229B

MD5
63f419586864a043635cba215f8dc259

SHA1
cb8a7c25df2b02a36fe8ab8fe63fa50ac12ee8fd

SHA256
a97f0bb32359625b52443baf2f3108398070cd1a448a043782ff3f24e25cb6c7

SHA512
cfe6fdba1315eb1971d19be6301f292d2a9f1b9c3e649f73be99e426c7fc1cbe55b286b5b1190504b58c692b30fb0a1b2ea067ed776ad52fc9a1397e0b60800f

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
bce5afed8396fbd933448292d9bd1fad

SHA1
59e7f4474960045c6175b5ef0bef82f24a901b94

SHA256
7c259c7aa86b69c835bf01a275270a53959e86bfb175be85543faba979bef91f

SHA512
c37aaa1afffa1cd4281b2324763bb4140ccc9ebca618361c7314e954e69ce1284e5a1ff7b64f639e52dc763f0dec54e7c94bdf26381a0e5bc0f0d08e204ab8ed

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
e62d67ecd95095e7248a01adf9383c9b

SHA1
b81674a1a56034913345fa94305ba9a3d44b261c

SHA256
ca9439cba8f8b52e7743a6f254f5145f60f153bed6fa676a98324547397b18dd

SHA512
b5835d6fca856393efb90e0b2d95f595537c1cee617a050694b56e440cdf28aa9e25f7699cc2a2a7c51104434836caa11dd98a653d16dda7bffa03014421d91c

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
a540e7557064a516f7a4fc06d70e1598

SHA1
b541efc1ad3703a113322f7f15c67c491b07f80f

SHA256
79c58dcc81e7b2932d9de928559cb4e7c39d1c955e0644db9d0899a7daa89c05

SHA512
5fb6b9e75302848bbbe67db82fb60dde31bd5b603421c813742b6e24d23301c3e2690ea126958b524e8a7368f711b6e9648b78587b9dec1675b103ae52aa1909

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
2c48c2556f71147605be984712534835

SHA1
7aac202096997b55a76f10ef49d7082564bf6f5b

SHA256
1caccc9a7670ce89f266647a9bec505776b97f68dff5fa4943d6478ce9358c92

SHA512
5de22c52167adb4bbc539360109a9953429c1c4198fb3691fb36bc3a1f541f98f3db73d85ddc3a550ede492dc9f6269a0ef134a3bbf844b7b074ed029aca4c58

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads