85b599ea6937ce9991197189102f58ee6b3d9979d7b65f731f158e8939838e4c

Analysis

max time kernel
144s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 23:47

Target

85b599ea6937ce9991197189102f58ee6b3d9979d7b65f731f158e8939838e4c.exe
Size

61KB
MD5

24d9e8b001c5ffb67624e39196e95472
SHA1

661dc201819b703788c811209d05cfd782cc9e6e
SHA256

85b599ea6937ce9991197189102f58ee6b3d9979d7b65f731f158e8939838e4c
SHA512

823c2a3d8a10d1f278405fdc1456dcb2d53543cde80002f0cf2a36242e9118e5093ed6d81584b1468bb3c4437f8f06d8cc6353acc6da707b67e7581f3ae93d3e
SSDEEP

768:beJIvFKPZo2smEasjcj29NWngAHxcwKppEaxglaX5uA:bQIvEPZo6Ead29NQgA2wzle5

Score

7^/10

Executes dropped EXE 3 IoCs

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 4664	212	85b599ea6937ce9991197189102f58ee6b3d9979d7b65f731f158e8939838e4c.exe	83
PID 212 wrote to memory of 4664	212	85b599ea6937ce9991197189102f58ee6b3d9979d7b65f731f158e8939838e4c.exe	83
PID 212 wrote to memory of 4664	212	85b599ea6937ce9991197189102f58ee6b3d9979d7b65f731f158e8939838e4c.exe	83
PID 4664 wrote to memory of 3664	4664	ewiuer2.exe	98
PID 4664 wrote to memory of 3664	4664	ewiuer2.exe	98
PID 4664 wrote to memory of 3664	4664	ewiuer2.exe	98
PID 3664 wrote to memory of 1912	3664	ewiuer2.exe	106
PID 3664 wrote to memory of 1912	3664	ewiuer2.exe	106
PID 3664 wrote to memory of 1912	3664	ewiuer2.exe	106

C:\Users\Admin\AppData\Local\Temp\85b599ea6937ce9991197189102f58ee6b3d9979d7b65f731f158e8939838e4c.exe
"C:\Users\Admin\AppData\Local\Temp\85b599ea6937ce9991197189102f58ee6b3d9979d7b65f731f158e8939838e4c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:212
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4664
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:3664
  - - C:\Windows\SysWOW64\ewiuer2.exe
      C:\Windows\SysWOW64\ewiuer2.exe /nomove
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      PID:1912

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
e2f580f88509d005efd40c67916d8a71

SHA1
332d7c42f90a65d7ecf7f4b416482a71bae8e19d

SHA256
f57d8e0a07f2e250e29ccd02bd5e92f1142736fbbdcab72aba1adbf3215aed32

SHA512
6a33c60c731c1ffcc50ffd736958fb80d6f1aceabd558a02dbe71ada5634a6b90f0939797482a6592c32abc1973cf0694afd6d6340ee87f3ad7671658bb01f3d

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
ce19077052a585e8181024c104b6d56e

SHA1
5f9c9b0b3afb03061a5428358b49647f6c2fde31

SHA256
edc661b35d049c6536441e5639050b1147a10809403ed690d5ddcbf87c224140

SHA512
91a9fe0b3b475e9e7c422127e8817066149b374e51a80cc80b160930799e112ec90dcf99a4d5e69c10b9e5ac3aa6e81f3d3c75d3a26e260f7bb8cd4ec9a2e1b5

Download Submit