234fddc1f667bc45d10cd7b7cd2dcfd3685da04be069aeaa75596e4f46fff3df

Analysis

max time kernel
10s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05-02-2023 13:29

Target

ImageLoggerMaker.exe
Size

26.3MB
MD5

ede0c8371b7482c2929e823f1eb39623
SHA1

13b01052266431b1a9ac19272ab0796fddad7e4a
SHA256

234fddc1f667bc45d10cd7b7cd2dcfd3685da04be069aeaa75596e4f46fff3df
SHA512

012126ba0a5a8aae7752f2c9dcc5933000d45414063ef700cd18510263a5350663874096effd1fcd43982b2dbe6f4537a616efe8667d3800f48f6eb04518c2c3
SSDEEP

393216:/ZAlmK1Ft6y6UslVSt/ZOce/m3p8Bz8aS02fRz6bJW84WEcL6XXbke:/WlmK1F09U+4LMK2rgzmW84WEcWHz

Score

7^/10

upx

Loads dropped DLL 1 IoCs

Processes:

ImageLoggerMaker.exe

pid process

1724 ImageLoggerMaker.exe

pid	process
1724	ImageLoggerMaker.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI5362\python39.dll	upx
\Users\Admin\AppData\Local\Temp\_MEI5362\python39.dll	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

ImageLoggerMaker.exe

description	pid	process	target process
PID 536 wrote to memory of 1724	536	ImageLoggerMaker.exe	ImageLoggerMaker.exe
PID 536 wrote to memory of 1724	536	ImageLoggerMaker.exe	ImageLoggerMaker.exe
PID 536 wrote to memory of 1724	536	ImageLoggerMaker.exe	ImageLoggerMaker.exe

C:\Users\Admin\AppData\Local\Temp\ImageLoggerMaker.exe
"C:\Users\Admin\AppData\Local\Temp\ImageLoggerMaker.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:536

C:\Users\Admin\AppData\Local\Temp\ImageLoggerMaker.exe
"C:\Users\Admin\AppData\Local\Temp\ImageLoggerMaker.exe"
2⤵
- Loads dropped DLL
PID:1724

C:\Users\Admin\AppData\Local\Temp\_MEI5362\python39.dll
Filesize
1.5MB

MD5
f81e72e4310f2c649cffad4244d71a46

SHA1
df2ce749d783b60fabafddd3a63fbd1ebe45941e

SHA256
3513bd7263fc78a9dd73ccb1bad22eee9b59f0a33173c4229535fc3814387000

SHA512
e4092a4cbff7046f55ff52da27d4ed9f3b9e5b4f1220654a36e64005913d9ec0b9cd508652699070bb7b3ad9ce00c3b437c183381a6cfa5dfd6151eeb3385378

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI5362\python39.dll
Filesize
1.5MB

MD5
f81e72e4310f2c649cffad4244d71a46

SHA1
df2ce749d783b60fabafddd3a63fbd1ebe45941e

SHA256
3513bd7263fc78a9dd73ccb1bad22eee9b59f0a33173c4229535fc3814387000

SHA512
e4092a4cbff7046f55ff52da27d4ed9f3b9e5b4f1220654a36e64005913d9ec0b9cd508652699070bb7b3ad9ce00c3b437c183381a6cfa5dfd6151eeb3385378

Download Submit
memory/536-54-0x000007FEFC131000-0x000007FEFC133000-memory.dmp

Filesize
8KB

Download
memory/1724-55-0x0000000000000000-mapping.dmp

Download
memory/1724-59-0x000007FEF62C0000-0x000007FEF674F000-memory.dmp

Filesize
4.6MB

Download