1e4c942efee2461881b765f4ff90f283abdaf1a3dee4365fe70d7207e47c6a19

General

Target

1e4c942efee2461881b765f4ff90f283abdaf1a3dee4365fe70d7207e47c6a19.exe
Size

61KB
MD5

9112f5517726bea964f0d1b411e63a00
SHA1

fe3eb58d7bf859e093c25684aff029238bb52913
SHA256

1e4c942efee2461881b765f4ff90f283abdaf1a3dee4365fe70d7207e47c6a19
SHA512

886b39224e54a5f4f890bdad58e96203676a6c8c66574445a086e513277faa7c7ffd4b1136ae0a6533d72c3629cf927cfddc50b365fda2b16f862eb440a68fef
SSDEEP

768:feJIvFKPZo2smEasjcj29NWngAHxcwKppEaxglaX5uA:fQIvEPZo6Ead29NQgA2wzle5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
4308	ewiuer2.exe
1468	ewiuer2.exe
4736	ewiuer2.exe
2116	ewiuer2.exe
3312	ewiuer2.exe
2656	ewiuer2.exe
3716	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 4308	2484	1e4c942efee2461881b765f4ff90f283abdaf1a3dee4365fe70d7207e47c6a19.exe	82
PID 2484 wrote to memory of 4308	2484	1e4c942efee2461881b765f4ff90f283abdaf1a3dee4365fe70d7207e47c6a19.exe	82
PID 2484 wrote to memory of 4308	2484	1e4c942efee2461881b765f4ff90f283abdaf1a3dee4365fe70d7207e47c6a19.exe	82
PID 4308 wrote to memory of 1468	4308	ewiuer2.exe	91
PID 4308 wrote to memory of 1468	4308	ewiuer2.exe	91
PID 4308 wrote to memory of 1468	4308	ewiuer2.exe	91
PID 1468 wrote to memory of 4736	1468	ewiuer2.exe	92
PID 1468 wrote to memory of 4736	1468	ewiuer2.exe	92
PID 1468 wrote to memory of 4736	1468	ewiuer2.exe	92
PID 4736 wrote to memory of 2116	4736	ewiuer2.exe	93
PID 4736 wrote to memory of 2116	4736	ewiuer2.exe	93
PID 4736 wrote to memory of 2116	4736	ewiuer2.exe	93
PID 2116 wrote to memory of 3312	2116	ewiuer2.exe	94
PID 2116 wrote to memory of 3312	2116	ewiuer2.exe	94
PID 2116 wrote to memory of 3312	2116	ewiuer2.exe	94
PID 3312 wrote to memory of 2656	3312	ewiuer2.exe	95
PID 3312 wrote to memory of 2656	3312	ewiuer2.exe	95
PID 3312 wrote to memory of 2656	3312	ewiuer2.exe	95
PID 2656 wrote to memory of 3716	2656	ewiuer2.exe	96
PID 2656 wrote to memory of 3716	2656	ewiuer2.exe	96
PID 2656 wrote to memory of 3716	2656	ewiuer2.exe	96

C:\Users\Admin\AppData\Local\Temp\1e4c942efee2461881b765f4ff90f283abdaf1a3dee4365fe70d7207e47c6a19.exe
"C:\Users\Admin\AppData\Local\Temp\1e4c942efee2461881b765f4ff90f283abdaf1a3dee4365fe70d7207e47c6a19.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4308
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1468
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:4736
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2116
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3312
        
        C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2656
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        8⤵
        Executes dropped EXE
        
        PID:3716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
b85260fffd2a7155a6a502895979014e

SHA1
433ddbe7f4831d39f04c0e936ca2d3e9b6b1bb64

SHA256
ccc46a4330ca992bea85f40c6262012873dd676c52e73a5c08d612fbe06c6712

SHA512
e56f7d598357f218aea8c3e304a8c6108eafcfaa8c226193a5e2d62e9ec0b4805bec6923dc4d1e67449aaa24e38767733d88df03e09582842ae58fc7d8936e79

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
ba2941bc5c360947e402b9c0594482e7

SHA1
fad54fb2fec0375bbd8b22b1a1ac8e53845b5877

SHA256
35eb50b5be39ca0ec57fd8497b3f0f758cd9a141da48416f0b22c0a82351b3d7

SHA512
0873441bd0188ae42a3e5e8c25ff03c8ede10554290f3781b08e1b9643d518f68d53ba0f2885ae1ea3b8b60d72cd70083f610925c79390bd9b671869ed40b275

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
f4ca37a5e6371621e380b17358ac721d

SHA1
c49a8ad2302ec66221e2604601fe5ff9004ef7c1

SHA256
10d3be8d7bfafc262f194d7a88956f081a368efce200269a53f6c60cbbd9d5e9

SHA512
f1d52251e18f3310c0e3eb5b9a06eb2d199be9223b12687f7e3657c69710e4eca8acb3a78b3b23f813d50d98aa6df56901cc80bcbcbba9bae7f604bac052868b

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
bd7cb15d9b7cb2ca8dc4807bcabe6047

SHA1
cade0f799cd966dfb67d4f832f4dac0a4cec8d00

SHA256
3fb4c9ed93a47d8e94e7e32c94e2c28342921ef9478d5dc871a8249e3dbc94cf

SHA512
316b7c0202d68d156402fbc2cc7ad4877a806b181d41374c1de582f8e677f6d97f64670832e1fcba1064bdcdf43a159e7c2cfe97c9a34577a32ec2d306f57e91

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
45d63fd1d35f5ee9f6799e497f67f52b

SHA1
4430a67dcd74551e753b9b308173e57eecc878de

SHA256
a0c811bb64b5d367cbc5132350697320e1b5ed2b5b27a8e7bffeb1a83bfd4e63

SHA512
ff511901e0b2311504c4ec9dc228481fc9ecddd5b30d26decb9cfcf33111c52492dffdecb7ed2acba59c998506de996ef15f230c79a8da9c11af4b2e574e8dce

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
30058d37f28b0b598cc17e005acf5ac0

SHA1
86d1b9c6df31d95dbbd5a27010e145029b0d60bf

SHA256
d80b0774b658ce006c266f0560b0b21dffd498d477d92625e7a317e568182eb2

SHA512
105e9cccd87b97153643070352b9b682ce7fe5225f5200e68be66e96c98aa573d647dff92d6c557dd6dd281e18c50e3f2447a40b5e6bd24a83804378dee1da30

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
d0e85eea17484964b2f635cb758511ef

SHA1
80c0cc79fdaa540da565acb17d9cc0b2296c0701

SHA256
c1d08a3dc3ba4c729f6627a7813cdb47791ec45f802971ee670fd95c6999c6e0

SHA512
ca90f10c04767f793958bd219d1dcb558257af287cd1a99765eb5293b4aace98b2817efdd8b920cdbf52ea48245a0a511798a845c8fbe61c39726720bd347435

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads