1abb073f9331743ed6fe25f4148922f764da131385b8195abd77f30eed9f9724

Analysis

max time kernel
121s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 07:49

Target

main.exe
Size

17.7MB
MD5

6be0be00267bdeaa24f14bac12c841d9
SHA1

1a537a7616a43842eb94d4794c34cf80e32d1da2
SHA256

1abb073f9331743ed6fe25f4148922f764da131385b8195abd77f30eed9f9724
SHA512

57aa12ac69e3dc75be567c62f6a7ab77c6c3d91b4badc5dc0202bfc26ee6b47ee75b753b92f154ace9886b9c8733e7ad05a4e7c797678afe68f82b1895ca9bf1
SSDEEP

393216:vqPnLFXlreQpDOETgsvfGFwGgNTJOvEHp8Lrq:CPLFXNeQoE62TxKC

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
580	main.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a45c-111.dat	upx
behavioral1/files/0x000500000001a45c-112.dat	upx
behavioral1/memory/580-113-0x000007FEF6550000-0x000007FEF69BE000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 580	1944	main.exe	28
PID 1944 wrote to memory of 580	1944	main.exe	28
PID 1944 wrote to memory of 580	1944	main.exe	28

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Users\Admin\AppData\Local\Temp\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Loads dropped DLL
  PID:580

C:\Users\Admin\AppData\Local\Temp\_MEI19442\python310.dll

Filesize
135KB

MD5
616d21769b9f0c3c6b0becd8cbe5d3f0

SHA1
fa96433818862899ba146ecb3be6d4667c923200

SHA256
7ceaab01d2012f53b62c0b41094d08080eae60876897b69c6d82c1d97f20224f

SHA512
0834f314e3fab806e8366437b7e8d92943d3f70927c60953ac91094fc7f24fa0f8b80ae4107bd79e0ee326775134ba67b027f68053bca03a3f692f8cded6451b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19442\python310.dll

Filesize
36KB

MD5
280f17907fb828a97f9eb1a4d0009cdc

SHA1
89b1c365794370859c5fd820c70ec65a2a6b8919

SHA256
0ed1556ffd9dd5c25eafde45545ee2691ada8cb5316b8fa769f21903b9c73862

SHA512
728893dd83ff081f276fc47b3b84644489bcdcc86768d1843d73528aebd04e8bfd074f26caff7f3be87f5feffd0eaa6bc4759e972c70b1112e693dacf5228bb8

Download Submit
memory/580-113-0x000007FEF6550000-0x000007FEF69BE000-memory.dmp

Filesize
4.4MB

Download