998d24880ad64258df037cc19439d082a7c3e0c7a60451da51f90f0e7553f2df

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
06-05-2024 23:38

Target

998d24880ad64258df037cc19439d082a7c3e0c7a60451da51f90f0e7553f2df.exe
Size

61KB
MD5

8cea51598d2a81ab11c5cda1f74a529c
SHA1

c580e016eefc2e0c1667b10a590f1087c63f90ae
SHA256

998d24880ad64258df037cc19439d082a7c3e0c7a60451da51f90f0e7553f2df
SHA512

372600745d2463d2157c0932fc1358199b6088d337c8218ba898e89109d0856effdc98106b905d1c1babf3a7fe61608dc82eefef58a10ac8a0859495599ddae5
SSDEEP

1536:Sttdse4OcUmWQIvEPZo6E5sEFd29NQgA2wHle5:Cdse4OlQZo6EKEFdGM2Sle5

Score

7^/10

Executes dropped EXE 4 IoCs

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3728 wrote to memory of 4928	3728	998d24880ad64258df037cc19439d082a7c3e0c7a60451da51f90f0e7553f2df.exe	84
PID 3728 wrote to memory of 4928	3728	998d24880ad64258df037cc19439d082a7c3e0c7a60451da51f90f0e7553f2df.exe	84
PID 3728 wrote to memory of 4928	3728	998d24880ad64258df037cc19439d082a7c3e0c7a60451da51f90f0e7553f2df.exe	84
PID 4928 wrote to memory of 1556	4928	ewiuer2.exe	104
PID 4928 wrote to memory of 1556	4928	ewiuer2.exe	104
PID 4928 wrote to memory of 1556	4928	ewiuer2.exe	104
PID 1556 wrote to memory of 3948	1556	ewiuer2.exe	105
PID 1556 wrote to memory of 3948	1556	ewiuer2.exe	105
PID 1556 wrote to memory of 3948	1556	ewiuer2.exe	105
PID 3948 wrote to memory of 4956	3948	ewiuer2.exe	111
PID 3948 wrote to memory of 4956	3948	ewiuer2.exe	111
PID 3948 wrote to memory of 4956	3948	ewiuer2.exe	111

C:\Users\Admin\AppData\Local\Temp\998d24880ad64258df037cc19439d082a7c3e0c7a60451da51f90f0e7553f2df.exe
"C:\Users\Admin\AppData\Local\Temp\998d24880ad64258df037cc19439d082a7c3e0c7a60451da51f90f0e7553f2df.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3728
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4928
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1556
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:3948
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4956

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
28d63cb6f61c8698fd98c5f0828a0ce2

SHA1
8e8f98fa6b9ecc083b51125dd3e1fa2ca7938f54

SHA256
caf3843129e974ac0cd2652a7a4be49b5557f23ed162af1b813cd4df59afd78f

SHA512
72620b6e02ef52865e57e89264a7e3d5c3ed92e346a19872e159490d550363fb0b0fa3a211ff7671f23b6b5d3e00c0fa02b2779100582830eba6c2fd20553a80

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
ae99485312760c1ac6ffd3f637785bc7

SHA1
d9c645f8204989110c941b1a820b1b1ef8c1eacd

SHA256
5d8c3c723de78be48b13b104ee14a14c2fb1a837cb78a668af4862aa3184ca17

SHA512
cfbe39756eb3795a1c1e798f69183b812983bae3a9d85e6b5d557c3361ac2af9af387be99acd20b556a3485694b8072ba51bf14e348eaed8955145ff484b4e0a

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
a1e3b2e15fd23d0e504cb4e7f67ada1d

SHA1
584c5643d7a6086adb084775932a74163cb5cd89

SHA256
78775a0a0ce435b47768ecf2f7b3106e272e83eb74e40bf80b831de3f1929857

SHA512
f30efa3ca331423c64e365c5f8c2b0d7deff839fbf545dfca3e3ab2fcd7abde9ff4a0f50986dbdb621542a9db818262205daf79967be978a50ace0c646c8e0cf

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
1dcd1e678823f846b65366f64788dfef

SHA1
2ed4bf5b692f484ad735ad6fa4d2759bee5d58f5

SHA256
bcf39f8175dc1bb8319a3ce590da86863689ae9a28548eb90f7691afb2a92414

SHA512
3d1bae1588c6bd4ce7d64ac403ce724864ee3d60cafa5feec70e30afe84faca8981a0563b1631e16d9f4bab586a5e5f2b103dba27e3b8bc4d5e91aff47651bf3

Download Submit