80a71b8d04074a8fdabe7377c05b89e2bc7c8aa6665409f710406de67b5eb7f7

Analysis

max time kernel
120s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
23/12/2023, 19:35

Target

PS99.exe
Size

85.1MB
MD5

4cf6731e323a1b0a9e03842dd552442c
SHA1

81e5523cbd0a8fd9cb7f3e4c24ce4c276c98b30e
SHA256

80a71b8d04074a8fdabe7377c05b89e2bc7c8aa6665409f710406de67b5eb7f7
SHA512

27d09036bf5f3d5f3f060ee719196b7dfddf86257158aff1d615a67061fcc4d4ae762b8b33fcecb0c3218a610d9046960b4fffdf0f7b41ba42605699acf10c35
SSDEEP

1572864:F2MXiJDePU1e4iamkhLDyPl4QiZST/tQE88nZGjSYukZg7q+XaE76ZNiTWZaQ6BA:FZXj4e4iadhLDy943K/tQonZODzZgO+w

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2608	PS99.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2728-0-0x000000013F760000-0x000000013F7C9000-memory.dmp	upx
behavioral1/memory/2608-1286-0x000000013F760000-0x000000013F7C9000-memory.dmp	upx
behavioral1/files/0x000400000001d990-1287.dat	upx
behavioral1/files/0x000400000001d990-1288.dat	upx
behavioral1/memory/2608-1290-0x000000013F760000-0x000000013F7C9000-memory.dmp	upx
behavioral1/memory/2728-2574-0x000000013F760000-0x000000013F7C9000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 2608	2728	PS99.exe	28
PID 2728 wrote to memory of 2608	2728	PS99.exe	28
PID 2728 wrote to memory of 2608	2728	PS99.exe	28

C:\Users\Admin\AppData\Local\Temp\PS99.exe
"C:\Users\Admin\AppData\Local\Temp\PS99.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Users\Admin\AppData\Local\Temp\PS99.exe
  "C:\Users\Admin\AppData\Local\Temp\PS99.exe"
  2⤵
  - Loads dropped DLL
  PID:2608

C:\Users\Admin\AppData\Local\Temp\_MEI27282\python311.dll

Filesize
1.4MB

MD5
f0b29643a3839b7f2556bae49121b713

SHA1
d5fff9425437052a3969f23635ed84d2f15a3d5d

SHA256
8d33fb4ea74052df3f0eb09f66eb647d36483e26f6b13fd0947413b413021792

SHA512
f4b4fb7a5a6496b5a1d39ad8f9edcc50ebd35e5308ffb265f2547a08606a5059f08bcab02e45b46ed4753c0453c5bd4730798fd082351bf87830c30403bad55f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27282\python311.dll

Filesize
1.6MB

MD5
fbefa551ddc600b040cb8d19f8f3252b

SHA1
6aa101766fd47b3c14b4f2620636244db57bb7b7

SHA256
ddfa913006d4e3fade978be3c73241f93995e2eef60d28ed33b7a66e3ffd9cbe

SHA512
592d4c96c37d11ac46704cb0301d10b994a27fff44a5c229c75292bdfcadee8fdd95126643d44fe6801b0aa5fa3cb1db2a800b1aa51e3314acbfc611ffaafbb1

Download Submit
memory/2608-1286-0x000000013F760000-0x000000013F7C9000-memory.dmp

Filesize
420KB

Download
memory/2608-1289-0x000007FEF5EA0000-0x000007FEF648E000-memory.dmp

Filesize
5.9MB

Download
memory/2608-1290-0x000000013F760000-0x000000013F7C9000-memory.dmp

Filesize
420KB

Download
memory/2728-0-0x000000013F760000-0x000000013F7C9000-memory.dmp

Filesize
420KB

Download
memory/2728-1285-0x00000000002F0000-0x0000000000359000-memory.dmp

Filesize
420KB

Download
memory/2728-2574-0x000000013F760000-0x000000013F7C9000-memory.dmp

Filesize
420KB

Download