d9f3adff28ab088956d6eeea5b04d8d12fcf8a4b11e15c55e5c8bfe0a934f7ca

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 00:29

Target

Dream Advanced.exe
Size

16.2MB
MD5

a0caa1a41ac394086e60e66c72238228
SHA1

3f1cb07be45e0bd9041aafced97923b2b0dab380
SHA256

d9f3adff28ab088956d6eeea5b04d8d12fcf8a4b11e15c55e5c8bfe0a934f7ca
SHA512

5c61053202d5f9b85f17b39e9b655151ca9f65f13d852f8ee21712e1a1e15f05cff2dd68c26453860b8779a22d721ee06ad1015237789a156c545f7913090589
SSDEEP

393216:GEkcqc4UJWQsUcR4NzK1+TtIiFvY9Z8D8Ccl6l91EfPKksbuKo:Gkz4UYQFS1QtI6a8DZcIlPzkBKo

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

Dream Advanced.exe

pid process

2520 Dream Advanced.exe

pid	process
2520	Dream Advanced.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Dream Advanced.exe

description	pid	process	target process
PID 2216 wrote to memory of 2520	2216	Dream Advanced.exe	Dream Advanced.exe
PID 2216 wrote to memory of 2520	2216	Dream Advanced.exe	Dream Advanced.exe
PID 2216 wrote to memory of 2520	2216	Dream Advanced.exe	Dream Advanced.exe

C:\Users\Admin\AppData\Local\Temp\Dream Advanced.exe
"C:\Users\Admin\AppData\Local\Temp\Dream Advanced.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2216

C:\Users\Admin\AppData\Local\Temp\Dream Advanced.exe
"C:\Users\Admin\AppData\Local\Temp\Dream Advanced.exe"
2⤵
- Loads dropped DLL
PID:2520

C:\Users\Admin\AppData\Local\Temp\_MEI22162\python312.dll
Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit