3c4f8fcd2f82e81b62149ec02a9db9fe414e643b36259abfd9fd1ccc34c9d191

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 22:02

Target

DripLite.exe
Size

22.6MB
MD5

29b37ee7f2e4f83f5a9151c76d78c38c
SHA1

1f90143516f42b1b4a9ba9554b9a4ca8944b9e42
SHA256

3c4f8fcd2f82e81b62149ec02a9db9fe414e643b36259abfd9fd1ccc34c9d191
SHA512

f6a9e6db96f4caf219669d3595e146fb6b7117377bc8a4e863708f8ff0d357928a060d5e6ae3ed6de7f3709d199c57b4a6f7605ce68d7f25be0593254a03ccd0
SSDEEP

393216:uo9DM45Cto5L1V8dkurEUWj5EnBSVkRIrY87FNwrMiE1PcZYE9buK+:P9NMgRndbQzcY87FyMiRYEEK+

Score

7^/10

upx

Loads dropped DLL 1 IoCs

Processes:

DripLite.exe

pid process

1632 DripLite.exe

pid	process
1632	DripLite.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI26642\python312.dll	upx
behavioral1/memory/1632-112-0x000007FEF6320000-0x000007FEF69E5000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

DripLite.exe

description	pid	process	target process
PID 2664 wrote to memory of 1632	2664	DripLite.exe	DripLite.exe
PID 2664 wrote to memory of 1632	2664	DripLite.exe	DripLite.exe
PID 2664 wrote to memory of 1632	2664	DripLite.exe	DripLite.exe

C:\Users\Admin\AppData\Local\Temp\DripLite.exe
"C:\Users\Admin\AppData\Local\Temp\DripLite.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2664

C:\Users\Admin\AppData\Local\Temp\DripLite.exe
"C:\Users\Admin\AppData\Local\Temp\DripLite.exe"
2⤵
- Loads dropped DLL
PID:1632

C:\Users\Admin\AppData\Local\Temp\_MEI26642\python312.dll
Filesize
1.7MB

MD5
fb8bedf8440eb432c9f3587b8114abc0

SHA1
136bb4dd38a7f6cb3e2613910607131c97674f7c

SHA256
cb627a3c89de8e114c95bda70e9e75c73310eb8af6cf3a937b1e3678c8f525b6

SHA512
b632235d5f60370efa23f8c50170a8ac569ba3705ec3d515efcad14009e0641649ab0f2139f06868024d929defffffefb352bd2516e8cd084e11557b31e95a63

Download Submit
memory/1632-112-0x000007FEF6320000-0x000007FEF69E5000-memory.dmp

Filesize
6.8MB

Download