7377e8a5d22b14355151f2df7ba44138d8a5738f424a65ee152511ea02dc5169

Analysis

max time kernel
144s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02-05-2024 23:20

Target

7377e8a5d22b14355151f2df7ba44138d8a5738f424a65ee152511ea02dc5169.exe
Size

61KB
MD5

a9687be522b33168666eb1786f620836
SHA1

923ce6bd67ea81b1f86c24296591da4125928e2a
SHA256

7377e8a5d22b14355151f2df7ba44138d8a5738f424a65ee152511ea02dc5169
SHA512

9445ced2515827feb0b22db89b0ed9a70c80db0dcf47ece2d9e12fcdb5a7fd8a725fb58891d64578c0c4b826c68dc39cb0a890a84064d051220efa02ca173669
SSDEEP

1536:tttdse4OcUmWQIvEPZo6E5sEFd29NQgA2wnle5:ldse4OlQZo6EKEFdGM2+le5

Score

7^/10

Executes dropped EXE 4 IoCs

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 2992	224	7377e8a5d22b14355151f2df7ba44138d8a5738f424a65ee152511ea02dc5169.exe	83
PID 224 wrote to memory of 2992	224	7377e8a5d22b14355151f2df7ba44138d8a5738f424a65ee152511ea02dc5169.exe	83
PID 224 wrote to memory of 2992	224	7377e8a5d22b14355151f2df7ba44138d8a5738f424a65ee152511ea02dc5169.exe	83
PID 2992 wrote to memory of 3252	2992	ewiuer2.exe	100
PID 2992 wrote to memory of 3252	2992	ewiuer2.exe	100
PID 2992 wrote to memory of 3252	2992	ewiuer2.exe	100
PID 3252 wrote to memory of 1492	3252	ewiuer2.exe	101
PID 3252 wrote to memory of 1492	3252	ewiuer2.exe	101
PID 3252 wrote to memory of 1492	3252	ewiuer2.exe	101
PID 1492 wrote to memory of 3976	1492	ewiuer2.exe	106
PID 1492 wrote to memory of 3976	1492	ewiuer2.exe	106
PID 1492 wrote to memory of 3976	1492	ewiuer2.exe	106

C:\Users\Admin\AppData\Local\Temp\7377e8a5d22b14355151f2df7ba44138d8a5738f424a65ee152511ea02dc5169.exe
"C:\Users\Admin\AppData\Local\Temp\7377e8a5d22b14355151f2df7ba44138d8a5738f424a65ee152511ea02dc5169.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:224
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2992
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3252
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:1492
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3976

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
68e1b3be3681019a2decfa3c3ebbe169

SHA1
c1f04a11564c83e2df663a0f69b5590811f4657b

SHA256
bea501492a97b613c8d87055f32d6614306e93407abba97fea9984540eb2ee00

SHA512
d290732ff7dd98f2ddecee643117aa6f17e0b2fe6c1e0af90cd61763ea1cd0c1a89083cece62baaed28e3766f0277e9ca0c174cafee7e88fecdc4c80d16a37d1

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
bce5afed8396fbd933448292d9bd1fad

SHA1
59e7f4474960045c6175b5ef0bef82f24a901b94

SHA256
7c259c7aa86b69c835bf01a275270a53959e86bfb175be85543faba979bef91f

SHA512
c37aaa1afffa1cd4281b2324763bb4140ccc9ebca618361c7314e954e69ce1284e5a1ff7b64f639e52dc763f0dec54e7c94bdf26381a0e5bc0f0d08e204ab8ed

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
fbe9f663cd552eadc7d2f38e5923b1e9

SHA1
7f7ea908c2b19a99cb73db06499d86c3fa4221ef

SHA256
b947f19a16f1348b4c554057a6e25170d4ccda29e4553b5876925a4167c267d1

SHA512
5d6fd1f085771fd65d6ecd4da56ece191269576e1b1740f5ce7042a76a5f39374865d63d6899135f0acb16ed4d1ad8d5c558dfeef013e27b8be59477e893fc61

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
f8c74c5ac567b2b151d1aa3181a657ee

SHA1
7398ffbc1e62f9e74e3f7af965973d5d3faa3e64

SHA256
c318d52edf9b211de79891efaeab7341e02f9a1c1054ca75b16c4aaa177b45a6

SHA512
d00c0b80505e87137c0ed02b195d5a7765adb7a3a3704125a7d710b5311d444de6e930aa859cd28477e81c3187b5e95f94fb61362ae41373c077d81bb00485d8

Download Submit