cf487c86c6c46ab7937c8ccd8dc38dc66a0e5c80fb6ca8ab885edfef07535d1e

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 09:17

Target

flip.exe
Size

10.6MB
MD5

20d8a40e1c4a363aaecd9101b66946a5
SHA1

a34c6010700a8360c9f7492c1d03292dcce686ed
SHA256

cf487c86c6c46ab7937c8ccd8dc38dc66a0e5c80fb6ca8ab885edfef07535d1e
SHA512

0a1774584567feb8198a858c4bf713f22ed42a3c94a74f9409658598999c241f1b398c2b728eef4fd5222aa60b0da143110e0d8a51447eb1acc218706fef3301
SSDEEP

196608:vqol3tEFDUpQ5/ISWdQmR5dA6lbuErSEEJwuUmF9ZKYwsYPO0ksBKQzH:yy9dM/ISWdQ2lb+9JFKCdG

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
1656	flip.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 1656	2872	flip.exe	28
PID 2872 wrote to memory of 1656	2872	flip.exe	28
PID 2872 wrote to memory of 1656	2872	flip.exe	28

C:\Users\Admin\AppData\Local\Temp\flip.exe
"C:\Users\Admin\AppData\Local\Temp\flip.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Users\Admin\AppData\Local\Temp\flip.exe
  "C:\Users\Admin\AppData\Local\Temp\flip.exe"
  2⤵
  - Loads dropped DLL
  PID:1656

C:\Users\Admin\AppData\Local\Temp\_MEI28722\python311.dll

Filesize
5.5MB

MD5
a72993488cecd88b3e19487d646f88f6

SHA1
5d359f4121e0be04a483f9ad1d8203ffc958f9a0

SHA256
aa1e959dcff75a343b448a797d8a5a041eb03b27565a30f70fd081df7a285038

SHA512
c895176784b9ac89c9b996c02ec0d0a3f7cd6ebf653a277c20dec104da6a11db084c53dd47c7b6653a448d877ad8e5e79c27db4ea6365ebb8ca2a78aa9c61b38

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28722\python311.dll

Filesize
5.5MB

MD5
a72993488cecd88b3e19487d646f88f6

SHA1
5d359f4121e0be04a483f9ad1d8203ffc958f9a0

SHA256
aa1e959dcff75a343b448a797d8a5a041eb03b27565a30f70fd081df7a285038

SHA512
c895176784b9ac89c9b996c02ec0d0a3f7cd6ebf653a277c20dec104da6a11db084c53dd47c7b6653a448d877ad8e5e79c27db4ea6365ebb8ca2a78aa9c61b38

Download Submit