8a714538823fc5e4cdbec6114c6d30fe3ab2eb2b557b81de4c59e073c85aa765

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/02/2024, 22:34

Target

NSFW Generator/NSFWGEN.exe
Size

13.8MB
MD5

638d136547ece9e4f282d62aa6562a07
SHA1

19ba1d25332fac7c3fe7bf0eae2ad3520fded5db
SHA256

d7407d5dd0dca80aa9798ff6aaa10635474feab533b7e6db87d759abf69f1ee8
SHA512

e1c2f4a6ffff124c5a7cece7a48be026f1098708376f3e03d46f2e8a0f35e05d223da05b78ef3417422d62ce9feaa137241b0f879b731f63b2c1cbaafebc3323
SSDEEP

393216:hiIE7Yo5D2nwW+eGQRIMTozGxu8C0ibfz6e57F1bmXdWCNx+:O7r5DawW+e5R5oztZ026e5XkVN4

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2668	NSFWGEN.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2668	2252	NSFWGEN.exe	29
PID 2252 wrote to memory of 2668	2252	NSFWGEN.exe	29
PID 2252 wrote to memory of 2668	2252	NSFWGEN.exe	29

C:\Users\Admin\AppData\Local\Temp\NSFW Generator\NSFWGEN.exe
"C:\Users\Admin\AppData\Local\Temp\NSFW Generator\NSFWGEN.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Users\Admin\AppData\Local\Temp\NSFW Generator\NSFWGEN.exe
  "C:\Users\Admin\AppData\Local\Temp\NSFW Generator\NSFWGEN.exe"
  2⤵
  - Loads dropped DLL
  PID:2668

C:\Users\Admin\AppData\Local\Temp\_MEI22522\python312.dll

Filesize
6.7MB

MD5
48ebfefa21b480a9b0dbfc3364e1d066

SHA1
b44a3a9b8c585b30897ddc2e4249dfcfd07b700a

SHA256
0cc4e557972488eb99ea4aeb3d29f3ade974ef3bcd47c211911489a189a0b6f2

SHA512
4e6194f1c55b82ee41743b35d749f5d92a955b219decacf9f1396d983e0f92ae02089c7f84a2b8296a3062afa3f9c220da9b7cd9ed01b3315ea4a953b4ecc6ce

Download Submit