441a1cfff58e7d9a7f7620e9b774cf8bb5592961ae49648e2bbc3a02c4d10196

General

Target

441a1cfff58e7d9a7f7620e9b774cf8bb5592961ae49648e2bbc3a02c4d10196.exe
Size

65KB
MD5

5b4d31ee8b52f64a5649da53e2e8a52d
SHA1

676851b9703fe95b77aa273d25a0a84614892c84
SHA256

441a1cfff58e7d9a7f7620e9b774cf8bb5592961ae49648e2bbc3a02c4d10196
SHA512

09aba0e8526c2e81573ca47268f456778efdac4299b6ee95b192c59776632b43678aba39894a6aeeed9f1088bf03c1dcf966c8e48c0d46e57be2493b554298c8
SSDEEP

768:yeJIAFKPZo2smEasjcj29NWngAHxcw9ppEaxglaX5uAi:yQIAEPZo6Ead29NQgA2wQle5q

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
464	ewiuer2.exe
3172	ewiuer2.exe
3380	ewiuer2.exe
4776	ewiuer2.exe
388	ewiuer2.exe
1368	ewiuer2.exe
4852	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 3736 wrote to memory of 464	3736	441a1cfff58e7d9a7f7620e9b774cf8bb5592961ae49648e2bbc3a02c4d10196.exe	83
PID 3736 wrote to memory of 464	3736	441a1cfff58e7d9a7f7620e9b774cf8bb5592961ae49648e2bbc3a02c4d10196.exe	83
PID 3736 wrote to memory of 464	3736	441a1cfff58e7d9a7f7620e9b774cf8bb5592961ae49648e2bbc3a02c4d10196.exe	83
PID 464 wrote to memory of 3172	464	ewiuer2.exe	100
PID 464 wrote to memory of 3172	464	ewiuer2.exe	100
PID 464 wrote to memory of 3172	464	ewiuer2.exe	100
PID 3172 wrote to memory of 3380	3172	ewiuer2.exe	101
PID 3172 wrote to memory of 3380	3172	ewiuer2.exe	101
PID 3172 wrote to memory of 3380	3172	ewiuer2.exe	101
PID 3380 wrote to memory of 4776	3380	ewiuer2.exe	106
PID 3380 wrote to memory of 4776	3380	ewiuer2.exe	106
PID 3380 wrote to memory of 4776	3380	ewiuer2.exe	106
PID 4776 wrote to memory of 388	4776	ewiuer2.exe	107
PID 4776 wrote to memory of 388	4776	ewiuer2.exe	107
PID 4776 wrote to memory of 388	4776	ewiuer2.exe	107
PID 388 wrote to memory of 1368	388	ewiuer2.exe	115
PID 388 wrote to memory of 1368	388	ewiuer2.exe	115
PID 388 wrote to memory of 1368	388	ewiuer2.exe	115
PID 1368 wrote to memory of 4852	1368	ewiuer2.exe	116
PID 1368 wrote to memory of 4852	1368	ewiuer2.exe	116
PID 1368 wrote to memory of 4852	1368	ewiuer2.exe	116

C:\Users\Admin\AppData\Local\Temp\441a1cfff58e7d9a7f7620e9b774cf8bb5592961ae49648e2bbc3a02c4d10196.exe
"C:\Users\Admin\AppData\Local\Temp\441a1cfff58e7d9a7f7620e9b774cf8bb5592961ae49648e2bbc3a02c4d10196.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3736
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:464
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3172
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:3380
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4776
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:388
        
        C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1368
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        8⤵
        Executes dropped EXE
        
        PID:4852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
65KB

MD5
064c357d0b5cb13e3f028ac27d44d61a

SHA1
d9b810e4411ca3dd4d2ebfd6c19b6364f47e302b

SHA256
c309beb08eb1c4e494ff250a0887ff0c01528746aabdb4f445c6c7ee3fdaddf7

SHA512
24c1f9998a9c8ccfc965b9d7287b6213de7f393ee5865d09348bf90f4d4671bda0835400040a4e580a3d01fd76749899b561b209a54b143578c8a66b1ef9fb22

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
65KB

MD5
dad6babe6d2d45e0199fbc3121111fdd

SHA1
942de221f815cf6d08f80c500ce4545b5ef78c42

SHA256
8d1e30b369b7d074abc19c5333c7e87aeee47c195e5e29420631896d2916ad38

SHA512
5da43ba0c590380f8402f1786c4afb89c414e045351a9b08c264d7bf30dcb053370f4d40facc8f39576210effd53e44567358134d992a35740f4a0846005c48f

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
65KB

MD5
c3d52f99cbe2434bba9bbc177e164bcb

SHA1
5924c92b08f532d96d529b1dbe3cd5d785ae1edb

SHA256
4bfbff1d0ce8511b10b85405b5150dd86a51d3d76ded04cf3530b18aad48c441

SHA512
b30ccf771803b278023e5859130944ae6b33b321fabe5364d1c002cc62ee7cc2b7384f6f7e95b73a1bc8764bc5ac71e5c40cca5e1272363a9c35fa65bce5e72f

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
65KB

MD5
8d2bdfc5a1bf3053ab57f4812e2e2397

SHA1
788efef84f577c8cb98692e91e545739afd56323

SHA256
c74e4855614f3400f01db8ade16892f8d4380085025a0c82953a301f22eb229d

SHA512
d7aadc3a9a2d162e96df03744e658512e8e07020337269376ed0b6290844d52656fe90e9265de9a615b1694e48e40af18924919c9e9ba16d7061aafdd0b6b27d

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
65KB

MD5
7f129cdbc40d20acb1382c50eda9bfd8

SHA1
0058d5b74dd92385b2170632da7fadabec265e9c

SHA256
a5dca5f4a4e5b0d5f6e5b84cf83cf8ce9859ee7979fa57173e6f1ac7c0fb43f4

SHA512
27f37241195123fc726857bbdca90179bf8011997c9faafdcdf7845ace279f048eacb0438e72d77d9d65300cac65f3f6f1d6d343df9277f00312a454d2209d19

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
65KB

MD5
af9d271bfb7d764e8cce9c9be1409537

SHA1
f4a2505f55d46af3166ffcd0005d9d6ceaeea890

SHA256
181a9b81ee5022631a06d86dcf6538a413695dacade131acbadb0bce1d897ed8

SHA512
2ea2ae9a3c2f17e2be494f810086160f0f3c9c67f914a77108d7f908572847f00f53a65c34c762bd960dbfed4922b4a6a55d66d3c9606da08fe9a7c0ab140838

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
65KB

MD5
dea90aa4885e41e76d802409b0fe2145

SHA1
21c7c2f5aa1f5484d073a1540eaa28d5bb9baf00

SHA256
7075ac51d1b9d3b07dfde732c3e9faba20856c44628317d32ed0c93781da1020

SHA512
808d83bdeb8acf7fec7019e6bd12848ff359c3a438a3b9f0a24852c79a0146843a94d68bf9e27263b6a71ecf5e27bc73eb0b71a30317eb75535ead0b604e534f

Download Submit
memory/388-33-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/388-31-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/388-37-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/464-11-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/464-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/464-6-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1368-43-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1368-40-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3172-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3172-16-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3380-24-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3380-20-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3380-18-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3736-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3736-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4776-25-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4776-30-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4852-44-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads