4a95ec6637a706b8a841dc7a1c0a7d4779e4526036fde2523c96a27056df7aac

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 00:27

Target

Swapper-v2.exe
Size

53.2MB
MD5

57038ddd0431081287886edc4ce212f7
SHA1

7c07c177671527d5527ba4e0d640d3767b43a01f
SHA256

4a95ec6637a706b8a841dc7a1c0a7d4779e4526036fde2523c96a27056df7aac
SHA512

e3b9fbf86d1061d25368ff852c2292844c9e17ebfcd6418d33cefe7598b2ab7d975e7fb251d8282cc609008ed5daae27c940104fabdafb8f2928763d4ba4b124
SSDEEP

1572864:INQOrHnqf3Gd6xdnj+YV5szPE7DBzqrGN4+14:IN7jnyo6VV7BX94

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
852	Swapper-v2.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000300000002083e-726.dat	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
852	Swapper-v2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 852	2156	Swapper-v2.exe	28
PID 2156 wrote to memory of 852	2156	Swapper-v2.exe	28
PID 2156 wrote to memory of 852	2156	Swapper-v2.exe	28

C:\Users\Admin\AppData\Local\Temp\Swapper-v2.exe
"C:\Users\Admin\AppData\Local\Temp\Swapper-v2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Users\Admin\AppData\Local\Temp\Swapper-v2.exe
  "C:\Users\Admin\AppData\Local\Temp\Swapper-v2.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:852

C:\Users\Admin\AppData\Local\Temp\_MEI21562\python310.dll

Filesize
1.4MB

MD5
701e2e5d0826f378a53dc5c83164c741

SHA1
62725dbee8546a7c9751679669c4aeb829bcb5a7

SHA256
9db7ebafff20370df1ae6fc5ee98962e03fcfc02ec47abed28802191f6750dd2

SHA512
df30dfba245a64f72bcf8c478d94a9902797493ce25f266fa04a0b67ad7887c8f9253404c0425285342ae771c8a44ae414887447f14d76c696f7902933367f1f

Download Submit
memory/852-728-0x000007FEF5D80000-0x000007FEF61EE000-memory.dmp

Filesize
4.4MB

Download
memory/852-729-0x000007FEF5D80000-0x000007FEF61EE000-memory.dmp

Filesize
4.4MB

Download