bb979afa8964257bc5b67c9d9738bb6826047cf3c000f34e8929ac73decc7116

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 06:39

Target

main.exe
Size

19.4MB
MD5

7482cd795217ae4595b5f8adb075e758
SHA1

dcbe1a3cd910fbdeb360398054cf518089255e69
SHA256

bb979afa8964257bc5b67c9d9738bb6826047cf3c000f34e8929ac73decc7116
SHA512

520cb625a994dd3e51ef1a69f3c2b7e6b2758375af6618eadf05e06c13c5c70790be4fc2b8ffb6fb8da3bf866871b1c41c04e7df5bfbfad143de3f3a61107dd3
SSDEEP

393216:Gh9Sl6eQnr3hATeD+C/pW/cR7uz9fZLD2OiMEeT0D+:A9kQT+qD+C/pWcupf3Hq

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2664	main.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a44e-107.dat	upx
behavioral1/memory/2664-109-0x000007FEF5DC0000-0x000007FEF63A8000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 2664	2340	main.exe	28
PID 2340 wrote to memory of 2664	2340	main.exe	28
PID 2340 wrote to memory of 2664	2340	main.exe	28

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Users\Admin\AppData\Local\Temp\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Loads dropped DLL
  PID:2664

C:\Users\Admin\AppData\Local\Temp\_MEI23402\python311.dll

Filesize
1.6MB

MD5
527923fc1de5a440980010ea5a4aaba1

SHA1
ab2b5659b82a014e0804ab1a69412a465ae37d49

SHA256
d94637faaa6d0dbd87c7ad6193831af4553648f4c3024a8a8d8adf549f516c91

SHA512
51a67b02e49a36d11828831f334f4242dfa1c0ac557ed50892b5a7f4d6ff153edab5458c312e57d80ed1b40434037c75c9e933ccbf4a187ec57685bdb42cdfb6

Download Submit
memory/2664-109-0x000007FEF5DC0000-0x000007FEF63A8000-memory.dmp

Filesize
5.9MB

Download