b54797f916fb6e29066b3bcabff390177cffe574778e07f1812bb1d973a425e1

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
08/08/2023, 07:32

Target

main.exe
Size

11.1MB
MD5

6aa8125917683bc361efdd2821012d54
SHA1

a4748775e55a2c551bdcf73a8a4bb6a34bf4acbc
SHA256

b54797f916fb6e29066b3bcabff390177cffe574778e07f1812bb1d973a425e1
SHA512

4761c81fbf1a0adce6544a2b3548d7c8c78ebf80820cb65d8f6184cee61554ea785579a44bead8481a25c719c7add4e06e8f47dc8fd477bc5bb9b4b750f9531d
SSDEEP

196608:k2XVa65nyY3pTDfyGR21X5Sp6GemDMPwWRA+xW0p8G9Au5l0YPGAfhz:5yY3pTDfDspfaMPlRX8pY2Et

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2728	main.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 2728	748	main.exe	29
PID 748 wrote to memory of 2728	748	main.exe	29
PID 748 wrote to memory of 2728	748	main.exe	29

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:748
- C:\Users\Admin\AppData\Local\Temp\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Loads dropped DLL
  PID:2728

C:\Users\Admin\AppData\Local\Temp\_MEI7482\python311.dll

Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7482\python311.dll

Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit