cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17

Analysis

max time kernel
144s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 02:57

Target

cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17.exe
Size

61KB
MD5

f7e9a4a18fcebeb056b49bde2d111abd
SHA1

a0835e6e27e9efcb66516d36c1ab983d590750aa
SHA256

cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17
SHA512

fbbaf5a0d971f75b0443646ca75736065122ffda4c7db1808a9e85a4a032451d48ab7ed679ac0baa1032cab89c0b7507e9d6af4f2fb78a493531ab98fe2052e9
SSDEEP

768:ReJIvFKPZo2smEasjcj29NWngAHxcw9ppEaxglaX5uA:RQIvEPZo6Ead29NQgA2wQle5

Score

7^/10

Executes dropped EXE 4 IoCs

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 4212	1368	cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17.exe	83
PID 1368 wrote to memory of 4212	1368	cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17.exe	83
PID 1368 wrote to memory of 4212	1368	cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17.exe	83
PID 4212 wrote to memory of 4448	4212	ewiuer2.exe	100
PID 4212 wrote to memory of 4448	4212	ewiuer2.exe	100
PID 4212 wrote to memory of 4448	4212	ewiuer2.exe	100
PID 4448 wrote to memory of 1356	4448	ewiuer2.exe	101
PID 4448 wrote to memory of 1356	4448	ewiuer2.exe	101
PID 4448 wrote to memory of 1356	4448	ewiuer2.exe	101
PID 1356 wrote to memory of 764	1356	ewiuer2.exe	103
PID 1356 wrote to memory of 764	1356	ewiuer2.exe	103
PID 1356 wrote to memory of 764	1356	ewiuer2.exe	103

C:\Users\Admin\AppData\Local\Temp\cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17.exe
"C:\Users\Admin\AppData\Local\Temp\cd477a7f32eeb2d65e70aa05dbc99399f377d111fcba4a87310b16f3f93f5d17.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4212
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4448
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:1356
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:764

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
d441478aeef037a017a20b6195acf95c

SHA1
2d5576410134d13b56525ce5d555bd3a694ee295

SHA256
b1f1d33b9ce224140dbf6de770836defffb8e0b266d8de124e555154ce8f3647

SHA512
73be681175d88030dc7cd000ee358e50259ec812fb5253fa3814d8dedecd6bd3e414e2e9d1924faddee4919551acd3aa3be1846195c06a404bfbe6ae117d3c2c

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
5827121241d8f293ed58e6c41b98c7a0

SHA1
f9c14114b5b8d00aa11111f6eb5b24e6a2706384

SHA256
a5d85e1648b784c1ab5f1d9b91001797b01a714b4fac51b98c59426c0acf3c6e

SHA512
4994bea2546c3741d7bab576804eea86526c6bb6b5ec068d52ab00c165df8da96f1f2fc95bb914aa4815c4181ad81ae5921fdf1dd6225f8eb99622970ee3e600

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
fc625e8366230bc35c684c8fddc0e2ca

SHA1
d4c066601a46747a9a9cfa90ca3ee1458ee3dd16

SHA256
f905f26e3ff23f2f4319182ee97f2cf4555f63fbaffdcdf17aa100f359daf292

SHA512
405892e233a648a5ae73ad91ab5b3d2038989b27d1f0759ab1d6cd568f7e7cc6e0bcb1e66ca9fb8a666d4be04c96b902a8d3b34764e3390e6c12ebad5c9921d5

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
94d5ecb45059adafbdd3c18beb633070

SHA1
f7b7cd84599cdf3b0869942e559ca0072b7e3eee

SHA256
0241d5955288c420a6801c840d710db5f356edc5da0d01dfe24d23ccbf498777

SHA512
6d29c120d4cbd6410b089c065fd86b4b5706f71f58d7bfb628a3bfaac312b0e73e74f8dadc08fd2e4ee7e8c0a9a4db2cfd3176cf286696eaf922157a330042df

Download Submit