ed53248c00dc02726e6fc8cfaaf36727b7b0d1084726437bfbe5196b3daa315c

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 10:54

Target

among_us.exe
Size

5.1MB
MD5

84ce3e9940f585471bd13aa96fa91efb
SHA1

be6f70bd54b4989d2797fe6b831aead32c8f9951
SHA256

ed53248c00dc02726e6fc8cfaaf36727b7b0d1084726437bfbe5196b3daa315c
SHA512

b63a43cbee1b247846ca5828b3ed96ce439a7a84cc2fdb4a798c809d7b2940b270540282543b3ab99e0a38dbbb3325b645bb4d1eb94f23aa1f6dd80fa6c6d2bc
SSDEEP

98304:tnVKIDTGpzoLLJ3TbwaVvrZE0I7yoFQK15W8ASLmbNYJERw1jrTHi1D1JYA:tnMIm9onJ5hrZEnyiU8AdZYJERurTUY

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

among_us.exe

pid process

2916 among_us.exe

pid	process
2916	among_us.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

among_us.exe

description	pid	process	target process
PID 1440 wrote to memory of 2916	1440	among_us.exe	among_us.exe
PID 1440 wrote to memory of 2916	1440	among_us.exe	among_us.exe
PID 1440 wrote to memory of 2916	1440	among_us.exe	among_us.exe

C:\Users\Admin\AppData\Local\Temp\among_us.exe
"C:\Users\Admin\AppData\Local\Temp\among_us.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1440

C:\Users\Admin\AppData\Local\Temp\among_us.exe
"C:\Users\Admin\AppData\Local\Temp\among_us.exe"
2⤵
- Loads dropped DLL
PID:2916

C:\Users\Admin\AppData\Local\Temp\_MEI14402\python39.dll
Filesize
4.3MB

MD5
11c051f93c922d6b6b4829772f27a5be

SHA1
42fbdf3403a4bc3d46d348ca37a9f835e073d440

SHA256
0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c

SHA512
1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

Download Submit