cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17

Analysis

max time kernel
141s
max time network
141s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 02:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17.exe
Size

61KB
MD5

f7e9a4a18fcebeb056b49bde2d111abd
SHA1

a0835e6e27e9efcb66516d36c1ab983d590750aa
SHA256

cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17
SHA512

fbbaf5a0d971f75b0443646ca75736065122ffda4c7db1808a9e85a4a032451d48ab7ed679ac0baa1032cab89c0b7507e9d6af4f2fb78a493531ab98fe2052e9
SSDEEP

768:ReJIvFKPZo2smEasjcj29NWngAHxcw9ppEaxglaX5uA:RQIvEPZo6Ead29NQgA2wQle5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
2552	ewiuer2.exe
2448	ewiuer2.exe
2204	ewiuer2.exe
1792	ewiuer2.exe
1260	ewiuer2.exe
828	ewiuer2.exe
1132	ewiuer2.exe

Loads dropped DLL 14 IoCs

pid	Process
2984	cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17.exe
2984	cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17.exe
2552	ewiuer2.exe
2552	ewiuer2.exe
2448	ewiuer2.exe
2448	ewiuer2.exe
2204	ewiuer2.exe
2204	ewiuer2.exe
1792	ewiuer2.exe
1792	ewiuer2.exe
1260	ewiuer2.exe
1260	ewiuer2.exe
828	ewiuer2.exe
828	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 2552	2984	cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17.exe	28
PID 2984 wrote to memory of 2552	2984	cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17.exe	28
PID 2984 wrote to memory of 2552	2984	cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17.exe	28
PID 2984 wrote to memory of 2552	2984	cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17.exe	28
PID 2552 wrote to memory of 2448	2552	ewiuer2.exe	30
PID 2552 wrote to memory of 2448	2552	ewiuer2.exe	30
PID 2552 wrote to memory of 2448	2552	ewiuer2.exe	30
PID 2552 wrote to memory of 2448	2552	ewiuer2.exe	30
PID 2448 wrote to memory of 2204	2448	ewiuer2.exe	31
PID 2448 wrote to memory of 2204	2448	ewiuer2.exe	31
PID 2448 wrote to memory of 2204	2448	ewiuer2.exe	31
PID 2448 wrote to memory of 2204	2448	ewiuer2.exe	31
PID 2204 wrote to memory of 1792	2204	ewiuer2.exe	35
PID 2204 wrote to memory of 1792	2204	ewiuer2.exe	35
PID 2204 wrote to memory of 1792	2204	ewiuer2.exe	35
PID 2204 wrote to memory of 1792	2204	ewiuer2.exe	35
PID 1792 wrote to memory of 1260	1792	ewiuer2.exe	36
PID 1792 wrote to memory of 1260	1792	ewiuer2.exe	36
PID 1792 wrote to memory of 1260	1792	ewiuer2.exe	36
PID 1792 wrote to memory of 1260	1792	ewiuer2.exe	36
PID 1260 wrote to memory of 828	1260	ewiuer2.exe	38
PID 1260 wrote to memory of 828	1260	ewiuer2.exe	38
PID 1260 wrote to memory of 828	1260	ewiuer2.exe	38
PID 1260 wrote to memory of 828	1260	ewiuer2.exe	38
PID 828 wrote to memory of 1132	828	ewiuer2.exe	39
PID 828 wrote to memory of 1132	828	ewiuer2.exe	39
PID 828 wrote to memory of 1132	828	ewiuer2.exe	39
PID 828 wrote to memory of 1132	828	ewiuer2.exe	39

C:\Users\Admin\AppData\Local\Temp\cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17.exe
"C:\Users\Admin\AppData\Local\Temp\cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2448
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2204
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1792
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1260
        
        C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:828
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        8⤵
        Executes dropped EXE
        
        PID:1132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\92CIU2IM.txt

Filesize
229B

MD5
020fd1ce90507acb89b8a115e49e1767

SHA1
94226eac31b47615e72359857629e86a3212e2a9

SHA256
ee8c23de5f74d1100fc6568de3a44fa362750fb3dea7c50e94dd92336c30a6d0

SHA512
a219c02385dfaa4c5aee50995272f1bb4bf5b030cfaeff2c3deb9521639c5617e39ec9cc22e51f916e550c679e90dfaa36bb774e767a4764a1472b07539c7bef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\K3L0AEZE.txt

Filesize
230B

MD5
f3e6575da47e3391542057ef98246bbf

SHA1
340a20c518e4a361e4037b9b0cc58ed8ad7c7bc4

SHA256
8934b59fa67b3825ea4f1f63c7e46af04959b2a0aca7715e45bf74438a1dc9e3

SHA512
9d2109a21b755dfd2163a7b6c94182cf41c502bc2021024dde81e59131881a7ae29e5fdb8ffde30fc58003a4ab85821eff116b11a021a588cfe8af02836b0810

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
5827121241d8f293ed58e6c41b98c7a0

SHA1
f9c14114b5b8d00aa11111f6eb5b24e6a2706384

SHA256
a5d85e1648b784c1ab5f1d9b91001797b01a714b4fac51b98c59426c0acf3c6e

SHA512
4994bea2546c3741d7bab576804eea86526c6bb6b5ec068d52ab00c165df8da96f1f2fc95bb914aa4815c4181ad81ae5921fdf1dd6225f8eb99622970ee3e600

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
dac0a784afbdf9f4e5d8ceee5a448847

SHA1
18729cf7599484ba943345f6f78cff78c24b4dba

SHA256
2a70004c1d1ab568440456a1158c2a0dcc4b62439c1a39323a4e948d76abfcb5

SHA512
5541a38a0024d6f24a09ba1b8e8d6040b72acf4454061df6e56baabdd1ff9e340bcdec5072af3e75c75d6b7fbccd807c080f159f0d0eb079878786f681db6e01

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
94a92b46df667269269b718f8254898a

SHA1
5949008e0149026f0aa034d038512d42f8bd262a

SHA256
4dc9da762ecd387bfe42615a597eb85125186524ac386e2669f1eb99ad346cd5

SHA512
d467e02bc23ae8767f4d27678f7eb794288566b6f2eca8acffe770a43e5cccde987dca95ca77f642e3e407414062efa4ca616b01cc6424de91661b71f0e9fa91

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
dd47f421fef4e0e2970a2beea50c74dd

SHA1
eb2affc5ea2c359020de6f1ff97a82d1ae3b186c

SHA256
0ebf1a764a1e89e1ab3d14ac5b7f70e0ecd666cdc0d2930e7f2568a82c00ba8b

SHA512
e46b008f987aa04ee200cda058aab63657003fc17fa134ea5d5613e11c22c230b933bc5862df5b829cfaa8cb4f1a61fbf9ef6134ccb38f7a2a288c415b732098

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
5cba19b91e53d157dfb61e67d5e91d94

SHA1
22babfe1fcece348a0cbc05849061f5b4545f4a5

SHA256
cc7248c0a0ea7e192852fa8c3330f6b82138d1cab7c429933fab96e85cbac057

SHA512
dcea444937d7b16af1f9f8af64d9ab5b83358e42bf0650cd2fd89f701dd9efd70249fbe926a47a6ac5e4ad6df26d01912c9d9d01dbaf612800f918592aaef44e

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
bbe29333b8d43a91affc17e52ef427c5

SHA1
dfc4acf05f4b1a264d3657262e13fbde32734b14

SHA256
10a455967e99088f754befb4dddc6da28433e52e27ae88b4d324a50c66b8eb36

SHA512
a3fe7f6eb97c80a7b5ad9df7db1d9c692dc7b0446cf4ab35b411929ec8d53e15ce8daf627f8182bf6fa6497ed4eca8c2630549430cbe96a569a5adfbd33117a6

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
afe658e2aa88f678b0bed967e032a205

SHA1
ce7083673cc80ca863a0872fe69e8b01dbcb7934

SHA256
89b588309731f3182b478c74010e1b97d40b00933fcae34574e21a4fd19e34bf

SHA512
4e031049d64488f703ead4d3c9bc6e5ffde0b43354f07ea800a5952429803dff89f507cc57e2728e164752dfe12503a1a51720e633b3d1de603f5a2d857a8562

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads