5d38d8d624a56f2ecefe5b8046dda194c25df728e22b43519a4b77faeb0941f7

General

Target

5d38d8d624a56f2ecefe5b8046dda194c25df728e22b43519a4b77faeb0941f7.exe
Size

61KB
MD5

1a9ff3f425e6c3ef4086f063080ed790
SHA1

e0d777342bc1eaa0c96f52196dbffb939fe0e9f2
SHA256

5d38d8d624a56f2ecefe5b8046dda194c25df728e22b43519a4b77faeb0941f7
SHA512

57a000b07ed444813c84661e15513918600cf7100594ad211ce88a3ea4bdd81f1c1cd76e114fe4a54d32b72b6fd7f68e1b76e1606ad12fa019315866ed741520
SSDEEP

768:feJIvFKPZo2smEasjcj29NWngAHxcw9ppEaxglaX5uA:fQIvEPZo6Ead29NQgA2wQle5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 6 IoCs

Processes:

ewiuer2.exeewiuer2.exeewiuer2.exeewiuer2.exeewiuer2.exeewiuer2.exe

pid process

1712 ewiuer2.exe
1060 ewiuer2.exe
608 ewiuer2.exe
1008 ewiuer2.exe
1444 ewiuer2.exe
4168 ewiuer2.exe

pid	process
1712	ewiuer2.exe
1060	ewiuer2.exe
608	ewiuer2.exe
1008	ewiuer2.exe
1444	ewiuer2.exe
4168	ewiuer2.exe

Drops file in System32 directory 4 IoCs

Processes:

ewiuer2.exeewiuer2.exeewiuer2.exeewiuer2.exe

description	ioc	process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe

Suspicious use of WriteProcessMemory 18 IoCs

Processes:

5d38d8d624a56f2ecefe5b8046dda194c25df728e22b43519a4b77faeb0941f7.exeewiuer2.exeewiuer2.exeewiuer2.exeewiuer2.exeewiuer2.exe

description	pid	process	target process
PID 3748 wrote to memory of 1712	3748	5d38d8d624a56f2ecefe5b8046dda194c25df728e22b43519a4b77faeb0941f7.exe	ewiuer2.exe
PID 3748 wrote to memory of 1712	3748	5d38d8d624a56f2ecefe5b8046dda194c25df728e22b43519a4b77faeb0941f7.exe	ewiuer2.exe
PID 3748 wrote to memory of 1712	3748	5d38d8d624a56f2ecefe5b8046dda194c25df728e22b43519a4b77faeb0941f7.exe	ewiuer2.exe
PID 1712 wrote to memory of 1060	1712	ewiuer2.exe	ewiuer2.exe
PID 1712 wrote to memory of 1060	1712	ewiuer2.exe	ewiuer2.exe
PID 1712 wrote to memory of 1060	1712	ewiuer2.exe	ewiuer2.exe
PID 1060 wrote to memory of 608	1060	ewiuer2.exe	ewiuer2.exe
PID 1060 wrote to memory of 608	1060	ewiuer2.exe	ewiuer2.exe
PID 1060 wrote to memory of 608	1060	ewiuer2.exe	ewiuer2.exe
PID 608 wrote to memory of 1008	608	ewiuer2.exe	ewiuer2.exe
PID 608 wrote to memory of 1008	608	ewiuer2.exe	ewiuer2.exe
PID 608 wrote to memory of 1008	608	ewiuer2.exe	ewiuer2.exe
PID 1008 wrote to memory of 1444	1008	ewiuer2.exe	ewiuer2.exe
PID 1008 wrote to memory of 1444	1008	ewiuer2.exe	ewiuer2.exe
PID 1008 wrote to memory of 1444	1008	ewiuer2.exe	ewiuer2.exe
PID 1444 wrote to memory of 4168	1444	ewiuer2.exe	ewiuer2.exe
PID 1444 wrote to memory of 4168	1444	ewiuer2.exe	ewiuer2.exe
PID 1444 wrote to memory of 4168	1444	ewiuer2.exe	ewiuer2.exe

C:\Users\Admin\AppData\Local\Temp\5d38d8d624a56f2ecefe5b8046dda194c25df728e22b43519a4b77faeb0941f7.exe
"C:\Users\Admin\AppData\Local\Temp\5d38d8d624a56f2ecefe5b8046dda194c25df728e22b43519a4b77faeb0941f7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3748

C:\Users\Admin\AppData\Roaming\ewiuer2.exe
C:\Users\Admin\AppData\Roaming\ewiuer2.exe
2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1712

C:\Windows\SysWOW64\ewiuer2.exe
C:\Windows\System32\ewiuer2.exe
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1060

C:\Users\Admin\AppData\Roaming\ewiuer2.exe
C:\Users\Admin\AppData\Roaming\ewiuer2.exe
4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:608

C:\Windows\SysWOW64\ewiuer2.exe
C:\Windows\System32\ewiuer2.exe
5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1008

C:\Users\Admin\AppData\Roaming\ewiuer2.exe
C:\Users\Admin\AppData\Roaming\ewiuer2.exe
6⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1444

C:\Windows\SysWOW64\ewiuer2.exe
C:\Windows\System32\ewiuer2.exe
7⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:4168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4276,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=4056 /prefetch:8
1⤵
PID:3088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
9617dbb08f82d7f6b5c99ee7c1116d35

SHA1
a035ed28d32665fe1ea8e0e626725e2b78805f24

SHA256
49d169c172dc215738d55f202da6c4bfeb3502e194002adab1eb3ff21f6e0f9d

SHA512
01815963fe700be8fff0cd1350d8e7440ca9dddc9b29960a0db9f36b7bde391d58b83e01d5b1e6e69bf1964a5f5f9a09c816a351c72f96390ef823258a81ff05

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
8ed3cef7951454f23bf9beb1b7989c09

SHA1
c9ebf3c23f96729f5d4f67cc2e84d22efef6e833

SHA256
b5d2033e115606ffbbc9efad6820d17beda385e20f4b289eb5420747b18f52ea

SHA512
03e90e20250c541766beb290e9bac4a073b5a4ecbab450b7065e83413e8ebe549ba207e954872814c40d33d39051f821b4538da58a6badf9ef69126d00a85b97

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
4a39df0a5dcde971b9c6ad5abd7dee87

SHA1
131734aaa5d9a4a900edd5ac830ddb4141273b20

SHA256
3cf077fe0af802525fb843901ebfa087dc1217a4be5be6e5b928276a0dd64b4e

SHA512
4e0d3683e3e2d29d69a6e90e5ba20e1d9dc287710840c928986e34cc1415dba516afd88f0413b4934683fe35ab221b864ab3d541ee18b63dca750808004084b7

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
b71de2784a8249611c1c09fc33ae6e99

SHA1
0b344cf3ddd68161772a81454f81fb082394d2a8

SHA256
56ebe737899277d2d40b02520811b550b9a436e7cd948dc6397b1888e8458405

SHA512
9a7a3f00886846e7d4dd6729da332260aad4c9eee06ad9b0f18517eca86797d2bafdf6de954d3ebc2468ce3b3143c1e6db70f031f6dae75cc24bce1bea3adeb0

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
9d192d3a8a1799cbabf127299b182802

SHA1
77b6d892b20f30158525609edfb21e6713c9e02a

SHA256
3a29633a00c8b416a51df5a06b252dac5802ec3d9c1b67f482a406e3e2245c1a

SHA512
8a213a5f0d748320a11c54c4d4612d5549ed5a44bc2b28adc06341fd754bfee9fae75e43c7118612bb9abfe4954df240cec2e30e523b0ebffd0b4142b0f02ef8

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
d720564e55b7e170a589f2ca084324e3

SHA1
8aa582a41ce23c725589facf73a6312fa7196266

SHA256
dd8be857c4537fc6627553df3c1cb438821293f1c725416204e1a3f1a11c9e75

SHA512
88b8e1dcd40a2a880b96719ff3cde86b0fefc5d51cb4450fcd2b0812ae106c36b1a373f11fb72b5ca5a2f63d76f1e4cc749b3d76f98a627280e5c60041f84597

Download Submit

Analysis

Sharing