d1e70155a0fe1b2fa003997448f63f865fc9b3a6b3071ba91e09ce39fee7d5ba

Analysis

max time kernel
121s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 23:27

Target

tears.exe
Size

21.2MB
MD5

ae2e6da7a291d399ccefc04c09d8cd25
SHA1

3ded1c30fdbb0ed75bdcf0e838902ee3b45bf4c7
SHA256

d1e70155a0fe1b2fa003997448f63f865fc9b3a6b3071ba91e09ce39fee7d5ba
SHA512

022db4407ee324b2b8a997f717fa4fee647596d5c683bf4dfbbf2647069565242de4d8d4a1ffb058295be401e58d5c1b99112cb67f60febe289cbfd6185bfbd1
SSDEEP

393216:YEkQ5S5AWfq4vgP8AxYD/1+TtIiF5Y9Z8D8Ccl6lmdadC02VaHtflkQgKZ:YeaAWfvbXr1QtIQa8DZcIlwadfqzFKZ

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
1704	tears.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 1704	2176	tears.exe	28
PID 2176 wrote to memory of 1704	2176	tears.exe	28
PID 2176 wrote to memory of 1704	2176	tears.exe	28

C:\Users\Admin\AppData\Local\Temp\tears.exe
"C:\Users\Admin\AppData\Local\Temp\tears.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Local\Temp\tears.exe
  "C:\Users\Admin\AppData\Local\Temp\tears.exe"
  2⤵
  - Loads dropped DLL
  PID:1704

C:\Users\Admin\AppData\Local\Temp\_MEI21762\python312.dll

Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit