241d4e18736f0fa50088af8994fd49fd8fa219e2c650100efd451b8901ecc625

General

Target

241d4e18736f0fa50088af8994fd49fd8fa219e2c650100efd451b8901ecc625.exe
Size

61KB
MD5

681b02913a2c223642e211448377e679
SHA1

267de3e888ac069a6a23b03855ee0979622c1baf
SHA256

241d4e18736f0fa50088af8994fd49fd8fa219e2c650100efd451b8901ecc625
SHA512

d835c81a47144c2f665a2f9f87fe977a7840cfb05c6311e5ded5472bef050cd40ba7286f34e2bf3ab9cd2c180c74ff86077ad4e8775cba2a05733826c89cad8e
SSDEEP

1536:Uttdse4OcUmWQIvEPZo6E5sEFd29NQgA2w6TNle5:sdse4OlQZo6EKEFdGM29le5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
4924	ewiuer2.exe
636	ewiuer2.exe
888	ewiuer2.exe
2624	ewiuer2.exe
1880	ewiuer2.exe
1868	ewiuer2.exe
5380	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 4924	3996	241d4e18736f0fa50088af8994fd49fd8fa219e2c650100efd451b8901ecc625.exe	82
PID 3996 wrote to memory of 4924	3996	241d4e18736f0fa50088af8994fd49fd8fa219e2c650100efd451b8901ecc625.exe	82
PID 3996 wrote to memory of 4924	3996	241d4e18736f0fa50088af8994fd49fd8fa219e2c650100efd451b8901ecc625.exe	82
PID 4924 wrote to memory of 636	4924	ewiuer2.exe	97
PID 4924 wrote to memory of 636	4924	ewiuer2.exe	97
PID 4924 wrote to memory of 636	4924	ewiuer2.exe	97
PID 636 wrote to memory of 888	636	ewiuer2.exe	98
PID 636 wrote to memory of 888	636	ewiuer2.exe	98
PID 636 wrote to memory of 888	636	ewiuer2.exe	98
PID 888 wrote to memory of 2624	888	ewiuer2.exe	100
PID 888 wrote to memory of 2624	888	ewiuer2.exe	100
PID 888 wrote to memory of 2624	888	ewiuer2.exe	100
PID 2624 wrote to memory of 1880	2624	ewiuer2.exe	101
PID 2624 wrote to memory of 1880	2624	ewiuer2.exe	101
PID 2624 wrote to memory of 1880	2624	ewiuer2.exe	101
PID 1880 wrote to memory of 1868	1880	ewiuer2.exe	108
PID 1880 wrote to memory of 1868	1880	ewiuer2.exe	108
PID 1880 wrote to memory of 1868	1880	ewiuer2.exe	108
PID 1868 wrote to memory of 5380	1868	ewiuer2.exe	109
PID 1868 wrote to memory of 5380	1868	ewiuer2.exe	109
PID 1868 wrote to memory of 5380	1868	ewiuer2.exe	109

C:\Users\Admin\AppData\Local\Temp\241d4e18736f0fa50088af8994fd49fd8fa219e2c650100efd451b8901ecc625.exe
"C:\Users\Admin\AppData\Local\Temp\241d4e18736f0fa50088af8994fd49fd8fa219e2c650100efd451b8901ecc625.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4924
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:636
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:888
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2624
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1880
        
        C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1868
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        8⤵
        Executes dropped EXE
        
        PID:5380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
0ecab0ef320866e7fdd1eac7dd4af285

SHA1
b4ac695acbcabcad9aadda76c54612726e51baf6

SHA256
eb15f5e3fee7d56b8287fc1704ff7888c10e72b6c0d0bbcc8e66a263266466a5

SHA512
a7d651940cbed1a7e23e9c288748a3226536c5caf6ee2ffac4d263b63009dbd3ee89181217438f5c5d62dd0be34f0546cf618ffe6a3802c3375efe586c5be40f

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
9c9e95c7be0e75217ce6410672a83eb3

SHA1
f439977a61c3e17b004d836882adbc2c64788e8e

SHA256
c35e6ef9388555bc9606df85692d1ef41e800e5d55ae81934309bc7f8810c7a6

SHA512
9992eaa85b8d07fc6a37b6572e765874ea6492f33998ef0f786ddd4de00fffdebdce448a8756b02debe8c1f9b014be7194883536e0f94a58f95d0e0b7e187e0c

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
f6d0dc27ae925d58d43a6ae11d061fb6

SHA1
2d8bfddf392de0eba257ee94a52484e65896e6e6

SHA256
52f93dd84faa0f6017b2b474157ad6091e378f06b82de084694744d9627dd663

SHA512
920093bc001247117db81c9d24d8ea981e228bdf8ab3b23c30d19dfb31c52b76e67d921fb8929858632edff9e7f98fdec542d2dd225b28c62d5f75f1ea0c2205

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
137f703fc35474d05a534a80ff32e083

SHA1
dd86fad1452235da4705b7fc7507e1dd9912a313

SHA256
f0e622cd3e2244f77e4072f4a0f7009ed514a571763c6ed7d5cbb03fe838babd

SHA512
bde5863f3a683917d8eef4c61e5de4e7a293ede539aa718ed944c8d759046e9eccee0ed3ae60f484a4b56f3beff529ce34a2fe0f3c7c6fa6e14d085134a31093

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
7e4608a6b5dfa2f42e201744204b6014

SHA1
23bdb6a6113755c4e5377e933669231e911a3be8

SHA256
2f44044607720531680300639fc11347a091c3ecd00765fc92d8b2dd5c78e43f

SHA512
7426a7b8b9e8f10f4aa8449254d45072fdda70445bd9284f41205c7f2f8b4f036b7721dfa28070d5324bdb00ebc18ae98b0ad526a1dfb8f2a06f2c2e29857900

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
840dff4c999bca7897910004c70be867

SHA1
0acaab1283e710f5025dd5fde6e5faebacfd0db5

SHA256
4fc9f19187cadb66a8654ba3dacfbfe4db0ebd6347d4140d158b9d7d8507086a

SHA512
c7118b0cd6bcef617395c5af6fcba987573db4a4cf0076f8c294a23e6e031b40adb4f0b010b3c33561f2d67a969c52d7759f8f0d42272c58b761316344c2dd0c

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
86a95fadc56daa76cfb7a4064981490d

SHA1
eadace00cd2aed7481b6b32bf3fbb6c9646a307d

SHA256
6da748c8599c8ec5e004fd2b4405ec557302ec42b26ed9dc44324ae71fc344dd

SHA512
6dc3e8be67c5d77a2a39d31ff76ed975fb5d2b1ecf5b46a954d0b4d67ef7080aeae3283c007e4c4a854b22653c534e278fb81c9eb30f8504f655d649e762f4f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads