7a691e548951b8d8b9b77dcc814a0d1f891e8442f6c417791b9bb75a05020c47

Analysis

max time kernel
28s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
05/06/2023, 21:15

Target

main.exe
Size

18.0MB
MD5

54fbf65136d91612fc75e6d814e2073d
SHA1

0698b98e7678a4daa8e0de81965239244342d3d3
SHA256

7a691e548951b8d8b9b77dcc814a0d1f891e8442f6c417791b9bb75a05020c47
SHA512

7307bd69d515b3eb755ce3e0f62e9f12ce22c651aec08d999f755cbf34b65fd99b72ec7dfb80f4f48d9f6ede7e525b992ef99485eab83f8cab7c505a36187683
SSDEEP

393216:aqPnLFXl4pHdTQ9bAlbRu3oNGV9Ngg78hhomqo7oNc9ynr+N:vPLFXivQ9bO43NbNMnGp

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1408	main.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0006000000015ea9-181.dat	upx
behavioral1/files/0x0006000000015ea9-182.dat	upx

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1408	main.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 1408	1376	main.exe	27
PID 1376 wrote to memory of 1408	1376	main.exe	27
PID 1376 wrote to memory of 1408	1376	main.exe	27

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Users\Admin\AppData\Local\Temp\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:1408

C:\Users\Admin\AppData\Local\Temp\_MEI13762\python310.dll

Filesize
1.4MB

MD5
0b55aa3f43e40cdefc281e4f2b90c2d2

SHA1
93de1006a5d8ac106f6d1c6c5450ef9b4b9a84c7

SHA256
e8fe39f9b8b0c162223a97992f2ad6433d648bcffab26c2d2c94fedd9714cdae

SHA512
ef5ac5c04516ca722a3cdec1ad49941e6a36efaf4d9829d417a325be9c2ea70ce47a67d16350fe2d485b30dc7b866d94ce97cacb335d83105de5648c95a1b9f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13762\wheel-0.38.4.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13762\python310.dll

Filesize
1.4MB

MD5
0b55aa3f43e40cdefc281e4f2b90c2d2

SHA1
93de1006a5d8ac106f6d1c6c5450ef9b4b9a84c7

SHA256
e8fe39f9b8b0c162223a97992f2ad6433d648bcffab26c2d2c94fedd9714cdae

SHA512
ef5ac5c04516ca722a3cdec1ad49941e6a36efaf4d9829d417a325be9c2ea70ce47a67d16350fe2d485b30dc7b866d94ce97cacb335d83105de5648c95a1b9f5

Download Submit
memory/1408-183-0x000007FEF6290000-0x000007FEF66FA000-memory.dmp

Filesize
4.4MB

Download