162b64519ac70cb2732d68ee712d8d28b271d3ddd375d4822e72420340c42687

Analysis

max time kernel
1559s
max time network
1563s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/02/2024, 23:05

Target

test.exe
Size

22.5MB
MD5

8b6d716d40fad114584ffd9c58507618
SHA1

1db3b042a6e3180dec2e369f95dbe3886b7ea7b1
SHA256

162b64519ac70cb2732d68ee712d8d28b271d3ddd375d4822e72420340c42687
SHA512

c3e17aabc9c40b4e9f969335387d64322b23e61f2fad2366a6eabfeb420340810ac782e5fb43bb34dfc63bf83fd20c6e6db3e69fde7bc96e907b1f26ae481818
SSDEEP

393216:bWvz+XOVe7XfxnetJurEUWjZEnBSVkRIrY87wPpRR6jEh01tbKsGWiXdWCJ8:qz+XOg7IdbwzcY87SpRRq91FK17VJ8

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2968	test.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a487-102.dat	upx
behavioral1/memory/2968-104-0x000007FEF5FE0000-0x000007FEF66B9000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 2968	2264	test.exe	28
PID 2264 wrote to memory of 2968	2264	test.exe	28
PID 2264 wrote to memory of 2968	2264	test.exe	28

C:\Users\Admin\AppData\Local\Temp\test.exe
"C:\Users\Admin\AppData\Local\Temp\test.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Users\Admin\AppData\Local\Temp\test.exe
  "C:\Users\Admin\AppData\Local\Temp\test.exe"
  2⤵
  - Loads dropped DLL
  PID:2968

C:\Users\Admin\AppData\Local\Temp\_MEI22642\python312.dll

Filesize
1.8MB

MD5
2889fb28cd8f2f32997be99eb81fd7eb

SHA1
adfeb3a08d20e22dde67b60869c93291ca688093

SHA256
435430e3abfde589d8535bc24a4b1d4147a4971dbe59e9377603974c07a1b637

SHA512
aaa33b8178a8831008ea6ad39b05189d55aa228a20a2315e45df6e2ff590c94478cfc76c9adb762689edb021ecdf98df3e7074d8d65c1c477273056b7509f8ee

Download Submit
memory/2968-104-0x000007FEF5FE0000-0x000007FEF66B9000-memory.dmp

Filesize
6.8MB

Download