e77215e4bdab2875460e29db7b159a12b424310d5f0d0580db6ffdabf9c3e2b4

General

Target

e77215e4bdab2875460e29db7b159a12b424310d5f0d0580db6ffdabf9c3e2b4.exe
Size

61KB
MD5

4b2b246e51bdcc0bcabdf390352ca00a
SHA1

93db72ada4f02b7f1ed3e31f2ec9aee1025ef8e0
SHA256

e77215e4bdab2875460e29db7b159a12b424310d5f0d0580db6ffdabf9c3e2b4
SHA512

a9b0f50999dfa4e97230c8184d1e9dfdefea47fe6929135d2b682dfa4c6daf45f1752166869574e5ea73e6264b81adf9e2cedd632bfb89cef3d9f7cce57d1b69
SSDEEP

1536:Fttdse4OcUmWQIvEPZo6E5sEFd29NQgA2wnle5:Ndse4OlQZo6EKEFdGM2+le5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
3984	ewiuer2.exe
5048	ewiuer2.exe
1476	ewiuer2.exe
3452	ewiuer2.exe
1968	ewiuer2.exe
5168	ewiuer2.exe
4628	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 3984	1652	e77215e4bdab2875460e29db7b159a12b424310d5f0d0580db6ffdabf9c3e2b4.exe	83
PID 1652 wrote to memory of 3984	1652	e77215e4bdab2875460e29db7b159a12b424310d5f0d0580db6ffdabf9c3e2b4.exe	83
PID 1652 wrote to memory of 3984	1652	e77215e4bdab2875460e29db7b159a12b424310d5f0d0580db6ffdabf9c3e2b4.exe	83
PID 3984 wrote to memory of 5048	3984	ewiuer2.exe	96
PID 3984 wrote to memory of 5048	3984	ewiuer2.exe	96
PID 3984 wrote to memory of 5048	3984	ewiuer2.exe	96
PID 5048 wrote to memory of 1476	5048	ewiuer2.exe	97
PID 5048 wrote to memory of 1476	5048	ewiuer2.exe	97
PID 5048 wrote to memory of 1476	5048	ewiuer2.exe	97
PID 1476 wrote to memory of 3452	1476	ewiuer2.exe	104
PID 1476 wrote to memory of 3452	1476	ewiuer2.exe	104
PID 1476 wrote to memory of 3452	1476	ewiuer2.exe	104
PID 3452 wrote to memory of 1968	3452	ewiuer2.exe	105
PID 3452 wrote to memory of 1968	3452	ewiuer2.exe	105
PID 3452 wrote to memory of 1968	3452	ewiuer2.exe	105
PID 1968 wrote to memory of 5168	1968	ewiuer2.exe	109
PID 1968 wrote to memory of 5168	1968	ewiuer2.exe	109
PID 1968 wrote to memory of 5168	1968	ewiuer2.exe	109
PID 5168 wrote to memory of 4628	5168	ewiuer2.exe	110
PID 5168 wrote to memory of 4628	5168	ewiuer2.exe	110
PID 5168 wrote to memory of 4628	5168	ewiuer2.exe	110

C:\Users\Admin\AppData\Local\Temp\e77215e4bdab2875460e29db7b159a12b424310d5f0d0580db6ffdabf9c3e2b4.exe
"C:\Users\Admin\AppData\Local\Temp\e77215e4bdab2875460e29db7b159a12b424310d5f0d0580db6ffdabf9c3e2b4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:3984
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:5048
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:1476
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3452
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1968
        
        C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5168
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        8⤵
        Executes dropped EXE
        
        PID:4628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
cf5cc7070c14cf6e240da04529cc4863

SHA1
b34d354a6e55f8aacfd811e5a4bf0b739ff78f52

SHA256
47367f2c7743e74d3b3960a38704d591ff73b3ccc6db2c18848075c725b4b6ff

SHA512
142b350cebff62cb26c812529f56356de2865a27e56909f80eb9f5b7243870c950072b8e1dd634e965a88d3acc7745cf12cd32291fb7aa7a442e8dbcbefe3239

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
b0923986bcf04661a444108c1eec69fb

SHA1
2fdc0d3b3520ea4d30798d50611091214291e5a6

SHA256
ca090429730e6dfa4ec0bdfbe1d5cde2d056bf071e3b267b3d3b03699acf4df1

SHA512
9e0477d55bc507b140d59082f452db016543ce5af8d69312960e6ca78f572b202777844ec57b9b56ddd3864f071907012d322483b45d2be7ba73957a5f63c72f

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
665b3e754dfaf299abeb57009ab88f78

SHA1
1074b9eab76309620df76a97f26cc6ce70f3d54f

SHA256
36f95a5ebf35ba0f0b4e3fd76051ebf4e2a3de9af69cb91f7f5cc36247d13a10

SHA512
cc0fb93bb8d6ccb18609b9128e4973b0c46d1eec86cbb1265af3f98721e155122203aaff3cedc071b7ef36dd04e43553bc3ce0cfd29b89eafc398102d50d40b1

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
8aa74e86f5a3157b5b26bbb8a2042b1e

SHA1
d182e55bbd699bdadb9d8fbece165a7e7e86691e

SHA256
3f111aa0864f01548eaa4bb8ed9d231ae024aa2f858715b7fd7a22b35cd236d2

SHA512
9dc1baf74e18574df9ccc26338a892a4506e4d9dd8b1e283901330cafcc847e44a92dfb401bd52fbbd55a820b5eea0eb2699ffd17c58c06c981818c4648bcd56

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
8065dd6f76efc7ad404f2cb731586675

SHA1
64c15e9ec33f296ee986dea1ae85ecf97f7ffc71

SHA256
19472f3333818df576f30b0d15272db592af6ca88ea6a13e1e78c05350fcabe2

SHA512
a5a9115c06bbfb008df45c858ad37756276449f85e8b4fc6fa7791f5eae1aca23a2eb03c74d65143926ccb9ab96628d47e6678a19cead6e456aaf26fdb5f76a3

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
9451fb61330993667ddb192d6bd39679

SHA1
6a8a6c6492874c37019c51cae5ee1e72ec436789

SHA256
bd19ed08031f409c7374438bd10c0b028ed95f3c11789b953ea2746b8f222bf2

SHA512
5e36aeed8c165238057674ce180abecdc7901c5542f814c3404415f5cf8b38781a133261ea1de1415927b5544b5c0691df271298664cbe38c4e870318762530f

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
d6b09689ef7da4f368b5fe2c3e1c6fe5

SHA1
c67cfb76643276b5d7696a8650ea396b1a943cdb

SHA256
a0ea4e6176a152783a1487c6c582fdb04840ca9ab0c582d148bb03771c52ee3c

SHA512
c664269df24012ad010e1658caab574491ce3ac9306f312dd820e5b503f889b55b412a1843c8ff49dc6619380a808d24681461dc976011ab1ed681d1cffbfd54

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads