4b59127cafb6626f2c03b5f5c3c30f699710cfdea1176a3bbb084415fc747b46

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 10:42

Target

NeverLoseCC.exe
Size

20.1MB
MD5

10e17c79099f57ea3d01ed12dd540687
SHA1

4c874f12c7a25bbcf9c3e02d2a1947a73f4b93b3
SHA256

4b59127cafb6626f2c03b5f5c3c30f699710cfdea1176a3bbb084415fc747b46
SHA512

75079b6d814d3d13a5f8b23481be30f96fc2aebd914e807e352aaccb672d609d6645c66b8286b13428623ec06999bb6e545fd38126ec5d1dd0f2f76edd04a5dc
SSDEEP

393216:qEkZQtss27GjJWQsUcR4NzQW+eGQRg93iObIhRS/MLzrqT6oHd8XTv/:qhQtsAjYQFIW+e5R49MhR93ePyXT

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

NeverLoseCC.exe

pid process

2872 NeverLoseCC.exe

pid	process
2872	NeverLoseCC.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

NeverLoseCC.exe

description	pid	process	target process
PID 2192 wrote to memory of 2872	2192	NeverLoseCC.exe	NeverLoseCC.exe
PID 2192 wrote to memory of 2872	2192	NeverLoseCC.exe	NeverLoseCC.exe
PID 2192 wrote to memory of 2872	2192	NeverLoseCC.exe	NeverLoseCC.exe

C:\Users\Admin\AppData\Local\Temp\NeverLoseCC.exe
"C:\Users\Admin\AppData\Local\Temp\NeverLoseCC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Users\Admin\AppData\Local\Temp\NeverLoseCC.exe
  "C:\Users\Admin\AppData\Local\Temp\NeverLoseCC.exe"
  2⤵
  - Loads dropped DLL
  PID:2872

C:\Users\Admin\AppData\Local\Temp\_MEI21922\python311.dll

Filesize
5.5MB

MD5
65e381a0b1bc05f71c139b0c7a5b8eb2

SHA1
7c4a3adf21ebcee5405288fc81fc4be75019d472

SHA256
53a969094231b9032abe4148939ce08a3a4e4b30b0459fc7d90c89f65e8dcd4a

SHA512
4db465ef927dfb019ab6faec3a3538b0c3a8693ea3c2148fd16163bf31c03c899dfdf350c31457edf64e671e3cc3e46851f32f0f84b267535bebc4768ef53d39

Download Submit