99615a23c7b5d02e9a0b155d998ab687d29adfef1b57f1f52df511a9a7122d6e

Analysis

max time kernel
4s
max time network
2s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 18:26 UTC

Target

Logged_v1.6.0.exe
Size

74.2MB
MD5

a4e57a5c650e3ebfedcd12ffee3fee14
SHA1

406c718d69d6ba536e0d2251fee408b4a84e59bf
SHA256

99615a23c7b5d02e9a0b155d998ab687d29adfef1b57f1f52df511a9a7122d6e
SHA512

54ab3266705762facfa5fbca5475c79ee7a0b8ecd07c3dde20c71a8ecd1df293ec9540384a04594c2337bf2e3244d6bcf68504f77560c2d1a4d7a97674f4dd9a
SSDEEP

1572864:JQwYC+7xMkRCtQkTMT2Zr9yre77nD0CpbeQ/KZYlctCqkFj23tWcC8g2cnrW:J306kkQkTyCAS/DrbSQctXkFj29wbJrW

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2560	Logged_v1.6.0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 108 wrote to memory of 2560	108	Logged_v1.6.0.exe	29
PID 108 wrote to memory of 2560	108	Logged_v1.6.0.exe	29
PID 108 wrote to memory of 2560	108	Logged_v1.6.0.exe	29

C:\Users\Admin\AppData\Local\Temp\Logged_v1.6.0.exe
"C:\Users\Admin\AppData\Local\Temp\Logged_v1.6.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:108
- C:\Users\Admin\AppData\Local\Temp\Logged_v1.6.0.exe
  "C:\Users\Admin\AppData\Local\Temp\Logged_v1.6.0.exe"
  2⤵
  - Loads dropped DLL
  PID:2560

C:\Users\Admin\AppData\Local\Temp\_MEI1082\python311.dll

Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit