37f9a528303f1dc655263a5e5e134277236c38f8ad0e7144640c0b563d85c1ed

Analysis

max time kernel
121s
max time network
132s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 17:35

Target

Spotify.exe
Size

45.9MB
MD5

44660796e71acf8fb60f2c3568dffdac
SHA1

77077828dd93440c5b5b5bf2db80e1551b46a000
SHA256

37f9a528303f1dc655263a5e5e134277236c38f8ad0e7144640c0b563d85c1ed
SHA512

ae6aeabf3f90d0de53a39b49190656fbd1ffe43d61bab9f4b6f79797122be7b2ee8762eeb407ff1aeca4370d9d50a0b900226e7b28dc02ad02daae4a45881539
SSDEEP

393216:Nh9S2nnx837XfZh2Jp5MLurEUWjljEh01tLyHWX8Wjs+da:P9Dnxq7BhpdbJ91hyHJes+da

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2372	Spotify.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0004000000019454-89.dat	upx
behavioral1/memory/2372-91-0x000007FEF6140000-0x000007FEF6819000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2372	1688	Spotify.exe	27
PID 1688 wrote to memory of 2372	1688	Spotify.exe	27
PID 1688 wrote to memory of 2372	1688	Spotify.exe	27

C:\Users\Admin\AppData\Local\Temp\Spotify.exe
"C:\Users\Admin\AppData\Local\Temp\Spotify.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Users\Admin\AppData\Local\Temp\Spotify.exe
  "C:\Users\Admin\AppData\Local\Temp\Spotify.exe"
  2⤵
  - Loads dropped DLL
  PID:2372

C:\Users\Admin\AppData\Local\Temp\_MEI16882\python312.dll

Filesize
1.8MB

MD5
2889fb28cd8f2f32997be99eb81fd7eb

SHA1
adfeb3a08d20e22dde67b60869c93291ca688093

SHA256
435430e3abfde589d8535bc24a4b1d4147a4971dbe59e9377603974c07a1b637

SHA512
aaa33b8178a8831008ea6ad39b05189d55aa228a20a2315e45df6e2ff590c94478cfc76c9adb762689edb021ecdf98df3e7074d8d65c1c477273056b7509f8ee

Download Submit
memory/2372-91-0x000007FEF6140000-0x000007FEF6819000-memory.dmp

Filesize
6.8MB

Download