3b9f2230d13b0cbb9782f635b3b20cba0d5a5f7a65daadb1d10238fee793b19f

Analysis

max time kernel
141s
max time network
141s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 20:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b9f2230d13b0cbb9782f635b3b20cba0d5a5f7a65daadb1d10238fee793b19f.exe
Size

61KB
MD5

1ac3523dbf5ee1a9851bccaab09ce5d1
SHA1

e3365250cbded8302a27b968154b9fc880393fee
SHA256

3b9f2230d13b0cbb9782f635b3b20cba0d5a5f7a65daadb1d10238fee793b19f
SHA512

3433f337492d2802d6d84fb68df5cce31dd3d5cb24748047acfa3b8fde3938cf91bbed70a128245ee0c880fbef54dffa3a3028dc4ed2e2c126fa45ddb21cb7df
SSDEEP

768:neJIvFKPZo2smEasjcj29NWngAHxcwKppEaxglaX5uA:nQIvEPZo6Ead29NQgA2wzle5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
2392	ewiuer2.exe
2804	ewiuer2.exe
2440	ewiuer2.exe
1188	ewiuer2.exe
1584	ewiuer2.exe
404	ewiuer2.exe
2880	ewiuer2.exe

Loads dropped DLL 14 IoCs

pid	Process
1908	3b9f2230d13b0cbb9782f635b3b20cba0d5a5f7a65daadb1d10238fee793b19f.exe
1908	3b9f2230d13b0cbb9782f635b3b20cba0d5a5f7a65daadb1d10238fee793b19f.exe
2392	ewiuer2.exe
2392	ewiuer2.exe
2804	ewiuer2.exe
2804	ewiuer2.exe
2440	ewiuer2.exe
2440	ewiuer2.exe
1188	ewiuer2.exe
1188	ewiuer2.exe
1584	ewiuer2.exe
1584	ewiuer2.exe
404	ewiuer2.exe
404	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 2392	1908	3b9f2230d13b0cbb9782f635b3b20cba0d5a5f7a65daadb1d10238fee793b19f.exe	28
PID 1908 wrote to memory of 2392	1908	3b9f2230d13b0cbb9782f635b3b20cba0d5a5f7a65daadb1d10238fee793b19f.exe	28
PID 1908 wrote to memory of 2392	1908	3b9f2230d13b0cbb9782f635b3b20cba0d5a5f7a65daadb1d10238fee793b19f.exe	28
PID 1908 wrote to memory of 2392	1908	3b9f2230d13b0cbb9782f635b3b20cba0d5a5f7a65daadb1d10238fee793b19f.exe	28
PID 2392 wrote to memory of 2804	2392	ewiuer2.exe	30
PID 2392 wrote to memory of 2804	2392	ewiuer2.exe	30
PID 2392 wrote to memory of 2804	2392	ewiuer2.exe	30
PID 2392 wrote to memory of 2804	2392	ewiuer2.exe	30
PID 2804 wrote to memory of 2440	2804	ewiuer2.exe	31
PID 2804 wrote to memory of 2440	2804	ewiuer2.exe	31
PID 2804 wrote to memory of 2440	2804	ewiuer2.exe	31
PID 2804 wrote to memory of 2440	2804	ewiuer2.exe	31
PID 2440 wrote to memory of 1188	2440	ewiuer2.exe	35
PID 2440 wrote to memory of 1188	2440	ewiuer2.exe	35
PID 2440 wrote to memory of 1188	2440	ewiuer2.exe	35
PID 2440 wrote to memory of 1188	2440	ewiuer2.exe	35
PID 1188 wrote to memory of 1584	1188	ewiuer2.exe	36
PID 1188 wrote to memory of 1584	1188	ewiuer2.exe	36
PID 1188 wrote to memory of 1584	1188	ewiuer2.exe	36
PID 1188 wrote to memory of 1584	1188	ewiuer2.exe	36
PID 1584 wrote to memory of 404	1584	ewiuer2.exe	38
PID 1584 wrote to memory of 404	1584	ewiuer2.exe	38
PID 1584 wrote to memory of 404	1584	ewiuer2.exe	38
PID 1584 wrote to memory of 404	1584	ewiuer2.exe	38
PID 404 wrote to memory of 2880	404	ewiuer2.exe	39
PID 404 wrote to memory of 2880	404	ewiuer2.exe	39
PID 404 wrote to memory of 2880	404	ewiuer2.exe	39
PID 404 wrote to memory of 2880	404	ewiuer2.exe	39

C:\Users\Admin\AppData\Local\Temp\3b9f2230d13b0cbb9782f635b3b20cba0d5a5f7a65daadb1d10238fee793b19f.exe
"C:\Users\Admin\AppData\Local\Temp\3b9f2230d13b0cbb9782f635b3b20cba0d5a5f7a65daadb1d10238fee793b19f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2392
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2804
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2440
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1188
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1584
        
        C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:404
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        8⤵
        Executes dropped EXE
        
        PID:2880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\72WAXN14.txt

Filesize
230B

MD5
7f27d59d146c716ee126d918da0f9218

SHA1
109399926c97f0081093c0e5fc5e68aee94fbdc3

SHA256
827d04625cbe11101a1331cd937a27ceba24b7ab49a501e526c32867428164f6

SHA512
76dd0b2e5c135cbffe49e8aa7834ffadf35df06e072f95c6964baf84e380a481c2efc7b391c23c11fd2b78d17358fad5bb4169ede234eab5704becd7a7ec0148

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OO2UTHP5.txt

Filesize
229B

MD5
45e66e54c7fedc8019a6b48f3cefa86f

SHA1
5f00e6af927fc5df5dfee907f17f77a4f2d120e1

SHA256
50ef928a9c93df303102b589eadac52c7c340de957ac62ed97126fc0c6e7e6b3

SHA512
bd992744be0311f3bcf4f67d6d86baf3f1519b6211dd258b6e4410d73007cb8e546d2d3922bb784b4fb3de8090f5164d0b2f7c3cf5353cbc0b005c4b9faecd03

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
ea90b10127dd0c57837e5e5fe6f9f2f4

SHA1
90c8e915a7d759edf9f009fab3b298a7408bb714

SHA256
1b95f144fcb51a73fc635a414f131124a721666c4c0713c5b0e971e0ecfe45d5

SHA512
dde444c57df0b330e69c7063bd4484926df25696cbceb5b20b5c5e6446328bd6e2417a07f6962d1fe6896327d0019c6afd36b7ca2fb00de1040efa4ffd1e6e1a

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
6e6b5fa41ce9d9947c74cb30ada2149f

SHA1
66918c134650f63818c5f9e1ebcf83a8ba081fde

SHA256
b52f5fb71250ad07aaa0872395dfe95973f99443d3e566b5e84f4fe5511615f1

SHA512
c9a7bf980b91108b6063d50e593f598289e8d9b26dfb5d25b2e78101b13f2efe3b56d76aec75318c5b03cacc129b7300dba16bd1c3e84b2cd826c305eadbe52a

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
704e053897e133170c2aabce3b4ad18a

SHA1
ffb419c01680312965541da9b9681b7fdc98fc51

SHA256
27341dc87a79346bb0df991283346921c49358fc496672c8772901a192f14600

SHA512
bb6c514166c1c3a303cd5795fb896b4187829369860ecb02886c71c6c107ac9fdf63b75c401d0a02137fdc89135bf6a1c9a2d5e324fca5e7810484047d49a909

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
122977e22f273c2a85e4eb4a89bc107c

SHA1
86fb9f253b85e3ef6b5fb99f0a5c2cc71ea00a77

SHA256
67e58117326e4d0ef7d15d7cdd468e9a9e78e8853b83a0e53b5e4313c2234619

SHA512
55da7a30f0ea52aeec45a42cb934f99940b1f29e7c0905d265b9330596f35916b67664583e57b953d9ab45263f71e9ad0a93a41886fb4602b21c7fe720a7e13c

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
c0a1e2ca6582beb06371cbfa53dffdd1

SHA1
bcbafc8f3dafe71400568f4d267120f8e3baca22

SHA256
4ba177ef88fbb168f0fe8f5cd115dabf4f438ec5a6368931571bd0dd0565f879

SHA512
2e3b1a7b332e03b065de7250cd8ea424aeea9c593bc9776e3cada64c73e914e58ffd3067cc8841a3ebb333e52d92ce64e0f1a18aa693c42afdff159534c548a6

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
c98c6a8dd2fdb71d9421653454730ed2

SHA1
7974a4f6cade6a1b221f3250d39c693a89851b01

SHA256
5bf9dcdffafc603e25d5b9482bfd1408eb66c2d2de929efefd10be2ed2c16c69

SHA512
b6a492d3247b76c47b2855fd2e08a07abbde235620f978f5738b62eb28c2e45a582fa3bdea7f3a6bad0d6a671f62e96ee2837cc01356eb296e3c66fdb5e4a46d

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
827ae9e44893cf3f9e063997c357ca7a

SHA1
4ea6b737edf744f7aa019b2558e22df3014e6ba1

SHA256
c7337292ba03765d62528f021e77e7d5cdef3cc8c8b8f37e6043b4073ca5abbc

SHA512
6845c5249b4ff525ffdff18adecdf5af545106c2c42738fb5c09d7cb9a80a24903e119ae11c12a231650f963a3eb4b5d436358327cc3affee8fa2a22756f382b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads