b8a9fcde3cb3f9130318b07a3b8c715e8fd9edcef11aa8af56b3942cf2566943

Resubmissions

06-10-2021 16:05

06-10-2021 15:58

Target

lol.exe
Size

6.8MB
MD5

4eb70e6ca68fd90ce23f809bceea02d7
SHA1

0f96257dd603feabcfeca22f0ce5029f17ba4c2d
SHA256

b8a9fcde3cb3f9130318b07a3b8c715e8fd9edcef11aa8af56b3942cf2566943
SHA512

76ffc45928fb6f21a511e6a30ecf4de2877d5b982ee553279ccb642db852ebe7edbf56c37fd4d3aa7b40a91c9df0cd193523a71f9b6907e7650a10d72a448705

Score

7^/10

pid	process
1064	lol.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

lol.exe

description	pid	process	target process
PID 1232 wrote to memory of 1064	1232	lol.exe	lol.exe
PID 1232 wrote to memory of 1064	1232	lol.exe	lol.exe
PID 1232 wrote to memory of 1064	1232	lol.exe	lol.exe

C:\Users\Admin\AppData\Local\Temp\lol.exe
"C:\Users\Admin\AppData\Local\Temp\lol.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1232

C:\Users\Admin\AppData\Local\Temp\lol.exe
"C:\Users\Admin\AppData\Local\Temp\lol.exe"
2⤵
- Loads dropped DLL
PID:1064

C:\Users\Admin\AppData\Local\Temp\_MEI12322\python39.dll
MD5
7e9d14aa762a46bb5ebac14fbaeaa238

SHA1
a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9

SHA256
e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3

SHA512
280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12322\python39.dll
MD5
7e9d14aa762a46bb5ebac14fbaeaa238

SHA1
a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9

SHA256
e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3

SHA512
280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023

Download Submit
memory/1064-54-0x0000000000000000-mapping.dmp

Download
memory/1232-53-0x000007FEFBA71000-0x000007FEFBA73000-memory.dmp

Filesize
8KB

Download