22cb2fba2dde578f61c82ed450c88c9060629fa7736bb7e27a584c97473c0883

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-02-2023 19:10

Target

Creal.exe
Size

14.9MB
MD5

00b471bd631a06fb4b21b345effb880b
SHA1

b6e52506741ba627a96e681cb381db90c3fd21ca
SHA256

22cb2fba2dde578f61c82ed450c88c9060629fa7736bb7e27a584c97473c0883
SHA512

29c403af0115254f1b449c3a0d7de2eb816ad5458b9168f72b80aa28684ceec6e6e43a79e9f9832bdd6cc58e6700d51b6e587be320dea1654d584df95c1df9c1
SSDEEP

393216:GxAlnAT6K4/m3pWFqyoBgsSI7oeCMJf0:XlAWK4K91p75CMJ0

Score

7^/10

upx

Loads dropped DLL 1 IoCs

Processes:

Creal.exe

pid process

1496 Creal.exe

pid	process
1496	Creal.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI3642\python310.dll	upx
\Users\Admin\AppData\Local\Temp\_MEI3642\python310.dll	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Creal.exe

description	pid	process	target process
PID 364 wrote to memory of 1496	364	Creal.exe	Creal.exe
PID 364 wrote to memory of 1496	364	Creal.exe	Creal.exe
PID 364 wrote to memory of 1496	364	Creal.exe	Creal.exe

C:\Users\Admin\AppData\Local\Temp\Creal.exe
"C:\Users\Admin\AppData\Local\Temp\Creal.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:364

C:\Users\Admin\AppData\Local\Temp\Creal.exe
"C:\Users\Admin\AppData\Local\Temp\Creal.exe"
2⤵
- Loads dropped DLL
PID:1496

C:\Users\Admin\AppData\Local\Temp\_MEI3642\python310.dll
Filesize
1.4MB

MD5
bbcb74867bd3f8a691b1f0a394336908

SHA1
aea4b231b9f09bedcd5ce02e1962911edd4b35ad

SHA256
800b5e9a08c3a0f95a2c6f4a3355df8bbbc416e716f95bd6d42b6f0d6fb92f41

SHA512
00745ddd468504b3652bdda757d42ebe756e419d6432ceb029ed3ccde3b99c8ae21b4fc004938bb0babaa169768db385374b29ac121608c5630047e55c40f481

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI3642\python310.dll
Filesize
1.4MB

MD5
bbcb74867bd3f8a691b1f0a394336908

SHA1
aea4b231b9f09bedcd5ce02e1962911edd4b35ad

SHA256
800b5e9a08c3a0f95a2c6f4a3355df8bbbc416e716f95bd6d42b6f0d6fb92f41

SHA512
00745ddd468504b3652bdda757d42ebe756e419d6432ceb029ed3ccde3b99c8ae21b4fc004938bb0babaa169768db385374b29ac121608c5630047e55c40f481

Download Submit
memory/364-54-0x000007FEFB6B1000-0x000007FEFB6B3000-memory.dmp

Filesize
8KB

Download
memory/1496-55-0x0000000000000000-mapping.dmp

Download
memory/1496-59-0x000007FEF5E50000-0x000007FEF62BE000-memory.dmp

Filesize
4.4MB

Download