569090446dc07a749aae6e324515a9794ec04ca8ad3e3428d87f34c9930a9d0f

Analysis

max time kernel
122s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20/01/2024, 21:19

Target

main.exe
Size

68.4MB
MD5

0e95f0ad1a56e69f0bd2103cd03c70d3
SHA1

0be18972de8e666778b35fdee4b2162e8c371a09
SHA256

fef1c009c57be55eef25d1c21d56a4dbfbfa2f75517eaff82570d3113b4a914f
SHA512

0dbdc2a8e0e46e27bbf5c0d179e1d5d46b2c1bec9b3a706543193f206d74fbec4657163e02e03bded76954a0298669d05ef528d912654200d5e01bf296d84714
SSDEEP

1572864:tbmFP/V4f6Gj53ikjt4jRq2GqFOPV5edLlNNc12qHWB75ip/W5cW7dkPe:ot/VG6RmtCRlGPreg12qHO5ip/ocl

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
1144	main.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 1144	2264	main.exe	29
PID 2264 wrote to memory of 1144	2264	main.exe	29
PID 2264 wrote to memory of 1144	2264	main.exe	29

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Users\Admin\AppData\Local\Temp\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Loads dropped DLL
  PID:1144

C:\Users\Admin\AppData\Local\Temp\_MEI22642\python312.dll

Filesize
6.6MB

MD5
269e15efa29399740e10440eb049c99f

SHA1
1aed0441b68950553c4c31ff72af170716e73279

SHA256
2d09a1ab3c0a94d573875bc9ad0f285ce5f3ac9f3cf60cfed0db735114134188

SHA512
6b3293201224f59aac22928247c0d0a3eeb7193224faf015a27f236450fbea41f3239bc79b023d0b0dff4fa3c6ebb028c1d3a0a238e2d2f2d63e61a83268d7ba

Download Submit