d0689a3de1e1a400981c5d95ac46a1c6e33661e84a622c321cae415236151939

General

Target

f633ffcf8d07f4e170810114275267f0_NEIKI.exe
Size

61KB
MD5

f633ffcf8d07f4e170810114275267f0
SHA1

df131ed9140ae9a23aaea24931907e9a49a0ac0e
SHA256

d0689a3de1e1a400981c5d95ac46a1c6e33661e84a622c321cae415236151939
SHA512

cba58624714683094d8d9b13a2703b33732143c6c6d5b31904b8aea77e3b81279c997b8bf2c2ae70f716d47a002847b0c08b7a8eb2a0e43282a4f25b48eaf998
SSDEEP

1536:Ottdse4OcUmWQIvEPZo6E5sEFd29NQgA2wwle5:Wdse4OlQZo6EKEFdGM21le5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
532	ewiuer2.exe
3576	ewiuer2.exe
3508	ewiuer2.exe
4408	ewiuer2.exe
2040	ewiuer2.exe
3224	ewiuer2.exe
636	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 3552 wrote to memory of 532	3552	f633ffcf8d07f4e170810114275267f0_NEIKI.exe	83
PID 3552 wrote to memory of 532	3552	f633ffcf8d07f4e170810114275267f0_NEIKI.exe	83
PID 3552 wrote to memory of 532	3552	f633ffcf8d07f4e170810114275267f0_NEIKI.exe	83
PID 532 wrote to memory of 3576	532	ewiuer2.exe	95
PID 532 wrote to memory of 3576	532	ewiuer2.exe	95
PID 532 wrote to memory of 3576	532	ewiuer2.exe	95
PID 3576 wrote to memory of 3508	3576	ewiuer2.exe	96
PID 3576 wrote to memory of 3508	3576	ewiuer2.exe	96
PID 3576 wrote to memory of 3508	3576	ewiuer2.exe	96
PID 3508 wrote to memory of 4408	3508	ewiuer2.exe	98
PID 3508 wrote to memory of 4408	3508	ewiuer2.exe	98
PID 3508 wrote to memory of 4408	3508	ewiuer2.exe	98
PID 4408 wrote to memory of 2040	4408	ewiuer2.exe	99
PID 4408 wrote to memory of 2040	4408	ewiuer2.exe	99
PID 4408 wrote to memory of 2040	4408	ewiuer2.exe	99
PID 2040 wrote to memory of 3224	2040	ewiuer2.exe	107
PID 2040 wrote to memory of 3224	2040	ewiuer2.exe	107
PID 2040 wrote to memory of 3224	2040	ewiuer2.exe	107
PID 3224 wrote to memory of 636	3224	ewiuer2.exe	108
PID 3224 wrote to memory of 636	3224	ewiuer2.exe	108
PID 3224 wrote to memory of 636	3224	ewiuer2.exe	108

C:\Users\Admin\AppData\Local\Temp\f633ffcf8d07f4e170810114275267f0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\f633ffcf8d07f4e170810114275267f0_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3552
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:532
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3576
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:3508
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4408
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2040
        
        C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3224
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        8⤵
        Executes dropped EXE
        
        PID:636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
7fb4dcd5f9d87a011f77880875d8ea40

SHA1
2977023181a814cb72f93e7f46b9751614c3fbd0

SHA256
42ef680b115eaa08c6cfca9f23d4eab523d4c09071909c0b07f5dfca1f361cea

SHA512
f47ef9b61d8e70d17d6feaed448abae164893d85bbee710a1466de1a39b9a3fe42664e1a152b3076816150d9b5b19bbad9f9b071fdc24cd3a4dfeda29106d27a

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
785fa679ba1e5f64fff2326ed37aca07

SHA1
a8084d41c08ab3aba11f14db3c7aa26c5db948c9

SHA256
a02a1ebd80f10ca78a70a09fb4f9980df406f1f6358acbb79826261811a16e44

SHA512
5e5f45049fbacbc37b6f8d19ea724ee2f47a83e5dee5ddf1688b952ed956b654e46d149414e283185fd6002975f8e53b1d4614913e4b37e5f4ece1841be04de7

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
db971480a8389911e20e833b725dcb17

SHA1
7fbf85b398dbf97293783355acd7228f087f9e88

SHA256
c905e24f449ec343f0279545850bb5bb4e711c1304b464af3bfe43a79cb93e1e

SHA512
d78372caf23e2b88fa536187b7b3ecca596aa26c0d5224885d943d9dd7bbf5f956f62ed8e284af841ccc7dd38ba4d6308218e28434b459e1bbc245f9bb1842c8

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
f4938b9add6741d5215116c2d49e453d

SHA1
f59ba1b6e5da1b4d9e7e4cc2a53c4f5f5cc84eba

SHA256
338e51c9d6d83fba88e614b00c8cfebcd0699f404134c37cfb3ce306aa83f162

SHA512
04059ded48469366cd2261d032e99694126caaad83417fdb786c76c7f58afccd750351f2f8f96dbadda2d2763cae8b77867781703541431004e28506102f5b8c

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
72cea8fee3a5d2ebbfbdf0b1d5b53681

SHA1
bdc329ff6fcfd4480691318d1744997502d77988

SHA256
a959ceff45dbf66c9cbfe810f61c976448f876e8131d21fc576482f3db94387a

SHA512
0ffae24a34c8a181c34e24046aee2bc044389f7f5ceb4285c25c5f034d101aa9fb7a159b1915bc15d2eb8b5af2a6587805ca7ec23805a3c67b780b9997718f13

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
be4b5c51c72404ffb5d04c9ae19378b5

SHA1
046075a59418a924672e012a4759625ef61ec12c

SHA256
8c383e6db93ac696e8076b2b2f091c7fea2c1169a95c2ff9af138854c3ebdef3

SHA512
022ffd1c85e606f5d2abd347f7ebe384219646bc706e20bce06a55ce94505b2174847437eeec4dbece5023be038f8e9dc4171dd46b9b2512904278958efae052

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
dc8dfbc48719fc48cf2e0f58a51f2df2

SHA1
722461239e7800dbdb5f78766b49cfd5ae20fa9f

SHA256
e2ce129e9dede775fec96bd8fa8d8bac54e332c7dac103d36f42600f3dca2890

SHA512
f3afe449a9cc67ca9dfae5eac4a989a3d6abc8e108cfaccef7116afdd3b5a0e2d72613d6d6df2383626cc3ceb72a6007f8550bdf4d01c7d17819887c43bfa6f7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads