59ded88218e048afa0362f71fbe633acfa179ac644569f5adf92a64053fd4280

General

Target

59ded88218e048afa0362f71fbe633acfa179ac644569f5adf92a64053fd4280.exe
Size

61KB
MD5

6eb4cb70bf41e34e6ebf72f2dc3f99cb
SHA1

ded9d4d14ac28cecdc0b9c1d8af0f6b409ee73dc
SHA256

59ded88218e048afa0362f71fbe633acfa179ac644569f5adf92a64053fd4280
SHA512

1118b323dc9ffe95fe693e77a6cb8d93cfcff9052ffd70e6f7b79e3d0d0322a0670fe31137aed622aa7975bae75c3ddaf44901008ff04351c36887f9fe53bba5
SSDEEP

768:IeJIvFKPZo2smEasjcj29NWngAHxcw9ppEaxglaX5uA:IQIvEPZo6Ead29NQgA2wQle5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
3808	ewiuer2.exe
3412	ewiuer2.exe
3876	ewiuer2.exe
2100	ewiuer2.exe
4412	ewiuer2.exe
2888	ewiuer2.exe
2772	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 3356 wrote to memory of 3808	3356	59ded88218e048afa0362f71fbe633acfa179ac644569f5adf92a64053fd4280.exe	84
PID 3356 wrote to memory of 3808	3356	59ded88218e048afa0362f71fbe633acfa179ac644569f5adf92a64053fd4280.exe	84
PID 3356 wrote to memory of 3808	3356	59ded88218e048afa0362f71fbe633acfa179ac644569f5adf92a64053fd4280.exe	84
PID 3808 wrote to memory of 3412	3808	ewiuer2.exe	100
PID 3808 wrote to memory of 3412	3808	ewiuer2.exe	100
PID 3808 wrote to memory of 3412	3808	ewiuer2.exe	100
PID 3412 wrote to memory of 3876	3412	ewiuer2.exe	101
PID 3412 wrote to memory of 3876	3412	ewiuer2.exe	101
PID 3412 wrote to memory of 3876	3412	ewiuer2.exe	101
PID 3876 wrote to memory of 2100	3876	ewiuer2.exe	106
PID 3876 wrote to memory of 2100	3876	ewiuer2.exe	106
PID 3876 wrote to memory of 2100	3876	ewiuer2.exe	106
PID 2100 wrote to memory of 4412	2100	ewiuer2.exe	107
PID 2100 wrote to memory of 4412	2100	ewiuer2.exe	107
PID 2100 wrote to memory of 4412	2100	ewiuer2.exe	107
PID 4412 wrote to memory of 2888	4412	ewiuer2.exe	116
PID 4412 wrote to memory of 2888	4412	ewiuer2.exe	116
PID 4412 wrote to memory of 2888	4412	ewiuer2.exe	116
PID 2888 wrote to memory of 2772	2888	ewiuer2.exe	117
PID 2888 wrote to memory of 2772	2888	ewiuer2.exe	117
PID 2888 wrote to memory of 2772	2888	ewiuer2.exe	117

C:\Users\Admin\AppData\Local\Temp\59ded88218e048afa0362f71fbe633acfa179ac644569f5adf92a64053fd4280.exe
"C:\Users\Admin\AppData\Local\Temp\59ded88218e048afa0362f71fbe633acfa179ac644569f5adf92a64053fd4280.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3356
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:3808
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3412
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:3876
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2100
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4412
        
        C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2888
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        8⤵
        Executes dropped EXE
        
        PID:2772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
ea6c1b10327f35b93f7e636069b3808a

SHA1
bfa81eef63bcb86c6a63d2aecccd1308dd6f849f

SHA256
d629b8800b2cc9a26c6f1cc65d5a6c8f5eefbc0b265ac8ba2ccace39adfcfd5d

SHA512
4c31040ad1129b0fe56ea2e2405d529c8e6bef4b6d85ce32753badebca14632cf7c95e0fa24b66b6eda6f1571215c4daf2728e45c656c95bae63608d5e57186d

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
4cd26a34239295be522c9015b4e7d80f

SHA1
1f78163bfd746aaafe8cd1a52dccff7a9e4d6f6c

SHA256
fe07c6497ebd91bf3c7b7ba4dd4fe5c0da6184a8a8bc0e11c964ae30a4a9b05b

SHA512
ac11b1bd0a8528ba31fc802faa9e2e08a04cddefd11100045e8fa6234742d6cc09d0f3e131135c1cfa98e2eb6b281f53abecc043179edf9096c89529a596b1de

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
81c48a15b0242a7054b380b2b169f66d

SHA1
6975ef96084593815550180dfbe8cc7bcccc88c0

SHA256
0f619c9faf105390dd51f3bfdf0baadd087cddb86011dc8be8c2d7f52ddce9c0

SHA512
3616fdc8b8aec757f720ddffba6d2eb3cb3aa4aeb768bd119d244dffb8a7d340ddba5651f299aff11e59dfab6f4b45c0810a7cfd764dfb88ac237e9002f3bd62

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
673ab3605f0e7c67ddf66f5d10e46065

SHA1
ad4f28195e8c110182fa440e6e473c48571187e3

SHA256
b00ae6646f7fd7c39bbb5388cd627249c55bc5746c23f82c6855b1a19ea890a5

SHA512
639dbca28aed22ae0365137951d4852c3d10828e4fad7aa7eed877597dd232dfae2f21406fb0141802df3da371747312094be22c2910eb2ad29d8359183544d2

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
47c9d774e7ffa4c73ae0bc432f286e4d

SHA1
9964d46b99054dbcd57f33636f8c9acec0584315

SHA256
e6e60239fe40f4779a49cc90df55edf9d9b8b8464963c5bbbd0bc1a90329beca

SHA512
8b2133b04c6490333ae68acf232669282a46e460f0f4746c9b7f0081317890972eaf180fb0776b2c948dbd4a497806dd1b7b60143dc9be96dc255eaf52664021

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
686dbee057cc00863702fc8c4eeb26ab

SHA1
8769dbc95b8386ddf0f6b09ce6dbf589f2adea67

SHA256
7d04baaf441777dea2fbd40f19bb7000378494eeca1d14ab67a4eb1e09cf436f

SHA512
62b9be6885582948e6af8db6e39a966f00e611c333047ca5708ac9142534dc4f8a6c85f65952ab8159319b564d20db287bb061f6379273006352569b388af903

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
188cbd3e210a08dbc10e6d2a5179e44c

SHA1
2972cac06cda2f69a08612ff24a8ffaa68b2eeee

SHA256
2dfccd7e377ee1d2e9c744aeadfc662a0ddcc6e9faa629eb8a9c0f76c92ed5a7

SHA512
86f9aec52ac79d361c5c1192189dc9fe044f5259091e33aa65f33d14fddb54cf79252a6a3f17ac8e6bf03aa37e249611a339f15ed190b6af8d23d25832bfd3ae

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads