241d4e18736f0fa50088af8994fd49fd8fa219e2c650100efd451b8901ecc625

General

Target

241d4e18736f0fa50088af8994fd49fd8fa219e2c650100efd451b8901ecc625.exe
Size

61KB
MD5

681b02913a2c223642e211448377e679
SHA1

267de3e888ac069a6a23b03855ee0979622c1baf
SHA256

241d4e18736f0fa50088af8994fd49fd8fa219e2c650100efd451b8901ecc625
SHA512

d835c81a47144c2f665a2f9f87fe977a7840cfb05c6311e5ded5472bef050cd40ba7286f34e2bf3ab9cd2c180c74ff86077ad4e8775cba2a05733826c89cad8e
SSDEEP

1536:Uttdse4OcUmWQIvEPZo6E5sEFd29NQgA2w6TNle5:sdse4OlQZo6EKEFdGM29le5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
1920	ewiuer2.exe
1564	ewiuer2.exe
2960	ewiuer2.exe
1244	ewiuer2.exe
2068	ewiuer2.exe

Loads dropped DLL 10 IoCs

pid	Process
2188	241d4e18736f0fa50088af8994fd49fd8fa219e2c650100efd451b8901ecc625.exe
2188	241d4e18736f0fa50088af8994fd49fd8fa219e2c650100efd451b8901ecc625.exe
1920	ewiuer2.exe
1920	ewiuer2.exe
1564	ewiuer2.exe
1564	ewiuer2.exe
2960	ewiuer2.exe
2960	ewiuer2.exe
1244	ewiuer2.exe
1244	ewiuer2.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 1920	2188	241d4e18736f0fa50088af8994fd49fd8fa219e2c650100efd451b8901ecc625.exe	28
PID 2188 wrote to memory of 1920	2188	241d4e18736f0fa50088af8994fd49fd8fa219e2c650100efd451b8901ecc625.exe	28
PID 2188 wrote to memory of 1920	2188	241d4e18736f0fa50088af8994fd49fd8fa219e2c650100efd451b8901ecc625.exe	28
PID 2188 wrote to memory of 1920	2188	241d4e18736f0fa50088af8994fd49fd8fa219e2c650100efd451b8901ecc625.exe	28
PID 1920 wrote to memory of 1564	1920	ewiuer2.exe	32
PID 1920 wrote to memory of 1564	1920	ewiuer2.exe	32
PID 1920 wrote to memory of 1564	1920	ewiuer2.exe	32
PID 1920 wrote to memory of 1564	1920	ewiuer2.exe	32
PID 1564 wrote to memory of 2960	1564	ewiuer2.exe	33
PID 1564 wrote to memory of 2960	1564	ewiuer2.exe	33
PID 1564 wrote to memory of 2960	1564	ewiuer2.exe	33
PID 1564 wrote to memory of 2960	1564	ewiuer2.exe	33
PID 2960 wrote to memory of 1244	2960	ewiuer2.exe	35
PID 2960 wrote to memory of 1244	2960	ewiuer2.exe	35
PID 2960 wrote to memory of 1244	2960	ewiuer2.exe	35
PID 2960 wrote to memory of 1244	2960	ewiuer2.exe	35
PID 1244 wrote to memory of 2068	1244	ewiuer2.exe	36
PID 1244 wrote to memory of 2068	1244	ewiuer2.exe	36
PID 1244 wrote to memory of 2068	1244	ewiuer2.exe	36
PID 1244 wrote to memory of 2068	1244	ewiuer2.exe	36

C:\Users\Admin\AppData\Local\Temp\241d4e18736f0fa50088af8994fd49fd8fa219e2c650100efd451b8901ecc625.exe
"C:\Users\Admin\AppData\Local\Temp\241d4e18736f0fa50088af8994fd49fd8fa219e2c650100efd451b8901ecc625.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1920
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1564
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2960
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1244
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        
        PID:2068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
f6d0dc27ae925d58d43a6ae11d061fb6

SHA1
2d8bfddf392de0eba257ee94a52484e65896e6e6

SHA256
52f93dd84faa0f6017b2b474157ad6091e378f06b82de084694744d9627dd663

SHA512
920093bc001247117db81c9d24d8ea981e228bdf8ab3b23c30d19dfb31c52b76e67d921fb8929858632edff9e7f98fdec542d2dd225b28c62d5f75f1ea0c2205

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
88a15f5930f1c6b8c88c946d02018db0

SHA1
a337ca2165a090f485cc014fc64536ab7a4291f2

SHA256
8afcbf74ca71c1a55215339a2484a23e41fdba10646ac88efce0849375cf3fd3

SHA512
1c9bab8021d40e72bccf04d68e7d804f43f844c9a9c6b9b887b06c08a3537a9055a22fa70574cf110e74662afb9b2af2caae06f72c2896952cd99d9f140d360e

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
c38f894c0c6b2b6d134b27064823849e

SHA1
0c99daad41fdc7d1575375bff7723e6dba170d62

SHA256
d6db8b2fc1a956ae4c92d4327b07ea1bbbfac8a20e7679bb96a40445523b151d

SHA512
ea19d18353ff68e0cb212b2addc3e3bb0e933ee8d42a80fd019e549834049869f431ecd531a44fcc6544d68ec47a3684a6cfaf27d6568d1bc828ed214280befe

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
8dee9c5b609e156708c34967c0eca8d8

SHA1
925016d894b787fde92dca4c7e207d338fcb2551

SHA256
74836192436f1e0faf2a8ed9324a98286b9df621e24a27ef41b85efbaf4714d2

SHA512
feefcc2e0ac50a643cf2ef589729e1fc0c9a2e317a6dea277b3f7099177f8e33c34eb4c965940504adc989c99b72d40b610c53aa23034c174c02ba6576e02468

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
bd83ec2e72a31612304852d3e095f7a3

SHA1
db12b2dc378c75264a3e13fcc52a38c4200c7638

SHA256
bc502b74def624a72e3c3eb04c31959585f71e588bd0c3a4118af8252f227cb4

SHA512
f08c76107927f7fd29e43c1a6f7a2d08e18eb497d1b3a3afe89691c198b6bf9d614e44915075e44dabccbd5da08443d7470ea1d8c953a2d88845deef88b05221

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads