b9510c15794ae07439639513e15bf6c65e936e62544cf411ff0535ed9175dab3

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 21:01

Target

Lite-Unlock.exe
Size

72.8MB
MD5

98a6dcdb893f2dbfd67b61ff1f371a51
SHA1

24ba0e634b85340b1f62b02d051703551a8b06e4
SHA256

b9510c15794ae07439639513e15bf6c65e936e62544cf411ff0535ed9175dab3
SHA512

57e9ab0a0f42412f0a761d475897dfd1bd1f9f17dc3f69dda75e0b5de6d1b29634c349d75d69641e4a118d34ae74f63fadc9f6c3b2b69a31a66791f1bab88708
SSDEEP

1572864:s/QwDaiMyN/WMfHnqf3Gd6xdnj+YV5szud1E7szqrn3Acmb:s//aiL4mnyo6VVBVus

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1996	Lite-Unlock.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020820-719.dat	upx
behavioral1/memory/1996-721-0x000007FEF5F60000-0x000007FEF6552000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 1996	1716	Lite-Unlock.exe	28
PID 1716 wrote to memory of 1996	1716	Lite-Unlock.exe	28
PID 1716 wrote to memory of 1996	1716	Lite-Unlock.exe	28

C:\Users\Admin\AppData\Local\Temp\Lite-Unlock.exe
"C:\Users\Admin\AppData\Local\Temp\Lite-Unlock.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Users\Admin\AppData\Local\Temp\Lite-Unlock.exe
  "C:\Users\Admin\AppData\Local\Temp\Lite-Unlock.exe"
  2⤵
  - Loads dropped DLL
  PID:1996

C:\Users\Admin\AppData\Local\Temp\_MEI17162\python311.dll

Filesize
1.6MB

MD5
1d5d46f4a8f8062de2d7d3b6dec9d14d

SHA1
adc2a8561f1639fe41702d2249153ce67c4e1fb8

SHA256
b5ff3eed100d81d560144d68b551a729849815ec771a689a572f1fba01e04f86

SHA512
0aee2b6bfd0c43a5a5488b41d3ec2ab9ec93c072f3bfaf9b2a778ba13dfebef143e9d837d2923ea596984648fb3f441815ec614fdec55a2a20fc7d16b85210c3

Download Submit
memory/1996-721-0x000007FEF5F60000-0x000007FEF6552000-memory.dmp

Filesize
5.9MB

Download