56e17b8f1e7d3348d2c8730369594171547017906ffd95109dc2ec8da127ca48

Analysis

max time kernel
359s
max time network
360s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04-05-2024 21:25

Target

custombuildnl.fr_1.exe
Size

33.2MB
MD5

3b2b7e806989b481aeb8a71eb95c9e9e
SHA1

dd1d80a59120aeaaa1239c05cf385579226747f7
SHA256

56e17b8f1e7d3348d2c8730369594171547017906ffd95109dc2ec8da127ca48
SHA512

9c4936b8b82092897f877825b6b6275b075f81a02bf0326792ecd393f3d839495ccb4422d2d55b95f35d5f509f59ff540e46826d7ddcbcb2f5d76d08eb759f00
SSDEEP

786432:1dM77JXb1ukCDeE6q+m5jVagaIQm2q+L5+u9Y2KN:1dI1EDX6q3Am2F3K

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2560	custombuildnl.fr_1.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00060000000143ec-12.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2560	2548	custombuildnl.fr_1.exe	28
PID 2548 wrote to memory of 2560	2548	custombuildnl.fr_1.exe	28
PID 2548 wrote to memory of 2560	2548	custombuildnl.fr_1.exe	28

C:\Users\Admin\AppData\Local\Temp\custombuildnl.fr_1.exe
"C:\Users\Admin\AppData\Local\Temp\custombuildnl.fr_1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Users\Admin\AppData\Local\Temp\custombuildnl.fr_1.exe
  "C:\Users\Admin\AppData\Local\Temp\custombuildnl.fr_1.exe"
  2⤵
  - Loads dropped DLL
  PID:2560

C:\Users\Admin\AppData\Local\Temp\_MEI25482\python310.dll

Filesize
1.4MB

MD5
4a6afa2200b1918c413d511c5a3c041c

SHA1
39ca3c2b669adac07d4a5eb1b3b79256cfe0c3b3

SHA256
bec187f608507b57cf0475971ba646b8ab42288af8fdcf78bce25f1d8c84b1da

SHA512
dbffb06ffff0542200344ea9863a44a6f1e1b783379e53df18580e697e8204d3911e091deb32a9c94b5599cdd54301b705b74e1f51104151cf13b89d57280a20

Download Submit
memory/2560-14-0x000007FEF5D00000-0x000007FEF6166000-memory.dmp

Filesize
4.4MB

Download