66adb2e8cc5a92652d12ce5d470ee1ecc4f7de7744ca8fcc44b152b5aefb39fd

General

Target

66adb2e8cc5a92652d12ce5d470ee1ecc4f7de7744ca8fcc44b152b5aefb39fd.exe
Size

61KB
MD5

4a2bff0219ea8b915e3fc6dfbca2aa6e
SHA1

a336a7e89d143d56ee85911aa72b888db0136bcf
SHA256

66adb2e8cc5a92652d12ce5d470ee1ecc4f7de7744ca8fcc44b152b5aefb39fd
SHA512

8fee760451866e147dbc874254efd0969bbffeb2f7d3320520671d9fdb634cb0315f8d3757bb982afe23e637fec2da32e83b8f9d3af94ffd78d5bbf5f8681e86
SSDEEP

1536:ettdse4OcUmWQIvEPZo6E5sEFd29NQgA2wnle5:Gdse4OlQZo6EKEFdGM2+le5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

Processes:

ewiuer2.exeewiuer2.exeewiuer2.exeewiuer2.exe

pid process

2700 ewiuer2.exe
2484 ewiuer2.exe
3024 ewiuer2.exe
1200 ewiuer2.exe

pid	process
2700	ewiuer2.exe
2484	ewiuer2.exe
3024	ewiuer2.exe
1200	ewiuer2.exe

Loads dropped DLL 8 IoCs

Processes:

66adb2e8cc5a92652d12ce5d470ee1ecc4f7de7744ca8fcc44b152b5aefb39fd.exeewiuer2.exeewiuer2.exeewiuer2.exe

pid	process
2856	66adb2e8cc5a92652d12ce5d470ee1ecc4f7de7744ca8fcc44b152b5aefb39fd.exe
2856	66adb2e8cc5a92652d12ce5d470ee1ecc4f7de7744ca8fcc44b152b5aefb39fd.exe
2700	ewiuer2.exe
2700	ewiuer2.exe
2484	ewiuer2.exe
2484	ewiuer2.exe
3024	ewiuer2.exe
3024	ewiuer2.exe

Drops file in System32 directory 4 IoCs

Processes:

ewiuer2.exeewiuer2.exeewiuer2.exe

description	ioc	process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 16 IoCs

Processes:

66adb2e8cc5a92652d12ce5d470ee1ecc4f7de7744ca8fcc44b152b5aefb39fd.exeewiuer2.exeewiuer2.exeewiuer2.exe

description	pid	process	target process
PID 2856 wrote to memory of 2700	2856	66adb2e8cc5a92652d12ce5d470ee1ecc4f7de7744ca8fcc44b152b5aefb39fd.exe	ewiuer2.exe
PID 2856 wrote to memory of 2700	2856	66adb2e8cc5a92652d12ce5d470ee1ecc4f7de7744ca8fcc44b152b5aefb39fd.exe	ewiuer2.exe
PID 2856 wrote to memory of 2700	2856	66adb2e8cc5a92652d12ce5d470ee1ecc4f7de7744ca8fcc44b152b5aefb39fd.exe	ewiuer2.exe
PID 2856 wrote to memory of 2700	2856	66adb2e8cc5a92652d12ce5d470ee1ecc4f7de7744ca8fcc44b152b5aefb39fd.exe	ewiuer2.exe
PID 2700 wrote to memory of 2484	2700	ewiuer2.exe	ewiuer2.exe
PID 2700 wrote to memory of 2484	2700	ewiuer2.exe	ewiuer2.exe
PID 2700 wrote to memory of 2484	2700	ewiuer2.exe	ewiuer2.exe
PID 2700 wrote to memory of 2484	2700	ewiuer2.exe	ewiuer2.exe
PID 2484 wrote to memory of 3024	2484	ewiuer2.exe	ewiuer2.exe
PID 2484 wrote to memory of 3024	2484	ewiuer2.exe	ewiuer2.exe
PID 2484 wrote to memory of 3024	2484	ewiuer2.exe	ewiuer2.exe
PID 2484 wrote to memory of 3024	2484	ewiuer2.exe	ewiuer2.exe
PID 3024 wrote to memory of 1200	3024	ewiuer2.exe	ewiuer2.exe
PID 3024 wrote to memory of 1200	3024	ewiuer2.exe	ewiuer2.exe
PID 3024 wrote to memory of 1200	3024	ewiuer2.exe	ewiuer2.exe
PID 3024 wrote to memory of 1200	3024	ewiuer2.exe	ewiuer2.exe

C:\Users\Admin\AppData\Local\Temp\66adb2e8cc5a92652d12ce5d470ee1ecc4f7de7744ca8fcc44b152b5aefb39fd.exe
"C:\Users\Admin\AppData\Local\Temp\66adb2e8cc5a92652d12ce5d470ee1ecc4f7de7744ca8fcc44b152b5aefb39fd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2484
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:3024
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\F2O923GL.txt

Filesize
229B

MD5
9f944cfe8457da59dd975b917a5d7f90

SHA1
167311bc5882c99c9dfcedab441fdc2c6ae885f4

SHA256
33f9915ae3d0b7b92b19b477ec708eb45028cf84678133d8c94b0f80e16ff405

SHA512
bbc0e02e15641f5a1a29b13c59840a7b57809143a2ec715a34460c7be2dc32194c22fa8545f8524db0fdf6c36ab2c010eb54e9c4a903198d522bb9b0fd9fe357

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JLU5ACMG.txt

Filesize
229B

MD5
f81285e259c09fe5183c81860c35eea7

SHA1
c42ce5e99bca9f4552c9acf19c01e15a74e03ae9

SHA256
a91b86dd793653bba77ccc92f332ae79d08dc64f092f52802c5882f740887f0d

SHA512
56d5798c9ac57723e2b7f85389a332123528f1bd793419d28e7020d9d306c30819b8a3cf461e5aa2136287ebfd8b3a6adf0fceb9f2e3229b5ab83d83efefb5a0

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
96e270d7e4bce5e9635489b89b0003a7

SHA1
cbfdcf719df04ae780b42687d6170b95eb50424c

SHA256
4d12fc4deb4b683ea5948f8e8e93b883cd7f601884981aa27d6b33650e8af795

SHA512
da3699e3b128e2504ccecc31a14344634c5c24483f95cc591fc6b0cd824b37de15da6e2186c1c2be1c310d4688d3753d99755bee03befec24ede339eff3a46c8

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
9f5ce1a2272d8f78201d83897f2a37bc

SHA1
96b643fa4458be9214034ca6c6de646048bac906

SHA256
def2be1a4843e70b8476eae0b5305ffa7c70258fed6122fa240ae98aa2c25334

SHA512
67a657b8571cf82a811f139da21fa03084a8d39a0a26cbeb2ed2aeb93e42d8ccade1ffce73ef3de1b5f9c8e99897f8ad74fcd17608b0cea871b03d1c0e0fd2fc

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
5de634c16c2f211daaf1607135b7cbac

SHA1
f59850d981d73f570f3ba99812df4af54381baef

SHA256
9b473d30fc265669f4deb2b58cbd8d57f38953dc50def6e6431584ae001ceb92

SHA512
7115f1a59ff1400548636c7af56c3c337a06c43b0f0aa0e1587083d2eef7fc07f42236513f19f10369de6d852ef100839ef6639a4f4d2ddd3faa8e0492dafdfe

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
4f176025432a658349e5cd24df5c8841

SHA1
d77011ed6852aa22fd12a26b082a2c9ed3fa41b9

SHA256
5f369732aed9cc56a33596d2746c54f2819746b8b78930755568d72a60245533

SHA512
a7501ab75bf7d0393d07ad59b05d8cfdfcde3640389f447f400c2ecd7bdbf55d9cd99de40b86e0da80f09ba3de71d2c00c748f8dd46185eaaaf37c1231975182

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads