aff4d8bda1b6062350bf043bab14de73f3b82ef8a2e5b43311e9362c614f1d17

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
21/07/2023, 07:13

Target

34b696e87a6264f6c722a23e0eae003dd123cf3d3bef1ec491f2a2c8f9516dce.exe
Size

7.0MB
MD5

9e23701de8a34d52f379a8eb2b41e733
SHA1

10aaa38ea746069717c0e2b245f60d2aeaa91983
SHA256

34b696e87a6264f6c722a23e0eae003dd123cf3d3bef1ec491f2a2c8f9516dce
SHA512

b8d3cd62f326562640cddb80ae0cca106ae663da06de84423b19b857a174841e68ff6c47989b957b4d0d6da4289ac1202617c1ac2c32642a29d93f2e16c4646d
SSDEEP

196608:MqQsGbT/9bvLz3S1bA329OqlwCgGzFGYc:9GbTlj3S1bO29OquUzg

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2804	34b696e87a6264f6c722a23e0eae003dd123cf3d3bef1ec491f2a2c8f9516dce.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00050000000195c2-76.dat	upx
behavioral1/files/0x00050000000195c2-77.dat	upx
behavioral1/memory/2804-78-0x000007FEF5F90000-0x000007FEF6579000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2804	2236	34b696e87a6264f6c722a23e0eae003dd123cf3d3bef1ec491f2a2c8f9516dce.exe	28
PID 2236 wrote to memory of 2804	2236	34b696e87a6264f6c722a23e0eae003dd123cf3d3bef1ec491f2a2c8f9516dce.exe	28
PID 2236 wrote to memory of 2804	2236	34b696e87a6264f6c722a23e0eae003dd123cf3d3bef1ec491f2a2c8f9516dce.exe	28

C:\Users\Admin\AppData\Local\Temp\34b696e87a6264f6c722a23e0eae003dd123cf3d3bef1ec491f2a2c8f9516dce.exe
"C:\Users\Admin\AppData\Local\Temp\34b696e87a6264f6c722a23e0eae003dd123cf3d3bef1ec491f2a2c8f9516dce.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Users\Admin\AppData\Local\Temp\34b696e87a6264f6c722a23e0eae003dd123cf3d3bef1ec491f2a2c8f9516dce.exe
  "C:\Users\Admin\AppData\Local\Temp\34b696e87a6264f6c722a23e0eae003dd123cf3d3bef1ec491f2a2c8f9516dce.exe"
  2⤵
  - Loads dropped DLL
  PID:2804

C:\Users\Admin\AppData\Local\Temp\_MEI22362\python311.dll

Filesize
1.6MB

MD5
5792adeab1e4414e0129ce7a228eb8b8

SHA1
e9f022e687b6d88d20ee96d9509f82e916b9ee8c

SHA256
7e1370058177d78a415b7ed113cc15472974440d84267fc44cdc5729535e3967

SHA512
c8298b5780a2a5eebed070ac296eda6902b0cac9fda7bb70e21f482d6693d6d2631ca1ac4be96b75ac0dd50c9ca35be5d0aca9c4586ba7e58021edccd482958b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22362\python311.dll

Filesize
1.6MB

MD5
5792adeab1e4414e0129ce7a228eb8b8

SHA1
e9f022e687b6d88d20ee96d9509f82e916b9ee8c

SHA256
7e1370058177d78a415b7ed113cc15472974440d84267fc44cdc5729535e3967

SHA512
c8298b5780a2a5eebed070ac296eda6902b0cac9fda7bb70e21f482d6693d6d2631ca1ac4be96b75ac0dd50c9ca35be5d0aca9c4586ba7e58021edccd482958b

Download Submit
memory/2804-78-0x000007FEF5F90000-0x000007FEF6579000-memory.dmp

Filesize
5.9MB

Download