53f771c09ea5cbd5117e5028b1ce94602ccdb262d2c0e38486e210f918d6572c

Analysis

max time kernel
5s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
28-03-2023 05:33

Target

V2.exe
Size

13.8MB
MD5

603c6cf85b260ff051f03b9f2cb18323
SHA1

cff54794daec858a77922ad22ade3eb3a005300d
SHA256

53f771c09ea5cbd5117e5028b1ce94602ccdb262d2c0e38486e210f918d6572c
SHA512

ae5ca8583979232683be0132acc187408cb457163659166371ec8013ecbb732fc907de79a5d24cb2f27f1cb0dc77449fb1a215fe28631219161667cda4917b81
SSDEEP

196608:NV/lOqPupb7KX/x1uq1DO6eNJm3AqTjzpLRUZtOnqzsvg1XxNTvx63HKKA:MqPuYXJx3e/m3ptCeu1RxNY3

Score

7^/10

upx

pid	process
896	V2.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI17202\python310.dll	upx
\Users\Admin\AppData\Local\Temp\_MEI17202\python310.dll	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

V2.exe

description	pid	process	target process
PID 1720 wrote to memory of 896	1720	V2.exe	V2.exe
PID 1720 wrote to memory of 896	1720	V2.exe	V2.exe
PID 1720 wrote to memory of 896	1720	V2.exe	V2.exe

C:\Users\Admin\AppData\Local\Temp\V2.exe
"C:\Users\Admin\AppData\Local\Temp\V2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1720

C:\Users\Admin\AppData\Local\Temp\V2.exe
"C:\Users\Admin\AppData\Local\Temp\V2.exe"
2⤵
- Loads dropped DLL
PID:896

C:\Users\Admin\AppData\Local\Temp\_MEI17202\python310.dll
Filesize
1.4MB

MD5
99cb804abc9a8f4cb8d08d77e515dcb7

SHA1
0d833cb729f3d5c845491b61b47018c82065f4ad

SHA256
8d23914f6eaa371f2e0c15816c7ab62573d428e750d1bbcd9a07498264d7d240

SHA512
43252d45803957ba79d42afdd12b956c3b829c9b00a78199c35e3eeb863d8c56f4f0b467faae227b7c058f59a3f11152f670090e2212eb6a2837378bca53ac82

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI17202\python310.dll
Filesize
1.4MB

MD5
99cb804abc9a8f4cb8d08d77e515dcb7

SHA1
0d833cb729f3d5c845491b61b47018c82065f4ad

SHA256
8d23914f6eaa371f2e0c15816c7ab62573d428e750d1bbcd9a07498264d7d240

SHA512
43252d45803957ba79d42afdd12b956c3b829c9b00a78199c35e3eeb863d8c56f4f0b467faae227b7c058f59a3f11152f670090e2212eb6a2837378bca53ac82

Download Submit
memory/896-144-0x000007FEF5DD0000-0x000007FEF6234000-memory.dmp

Filesize
4.4MB

Download