562011f4373d048ed2b60deb22b126686aee96ceac8255196d599b5f9f378416

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 17:37

Target

triggerbot.exe
Size

6.3MB
MD5

61d00638dc9b675029fa77ce234b63c8
SHA1

ec0b83c515ffe998f508e63be9587637d5f2ba7d
SHA256

562011f4373d048ed2b60deb22b126686aee96ceac8255196d599b5f9f378416
SHA512

6d1e249bc6a0a9a098a1c09fbc55fad2522ebdff2cbf201f066925cf1dbe60c74ae9582831166b902c2e0d18f5233ef4a3cbb78104c2d2ae86a1f654b7024900
SSDEEP

98304:yQ9HY75YthUIccRacg/BGfO1q4HNK0zbup/xzcq8zAFPjv9JT1sOBN3o1ST:nm5e6IraRRnz+R8zmPf1D7JT

Score

7^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0006000000018bda-21.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
2664	triggerbot.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0006000000018bda-21.dat	upx
behavioral1/memory/2664-23-0x00000000749F0000-0x0000000074F00000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 2664	1832	triggerbot.exe	28
PID 1832 wrote to memory of 2664	1832	triggerbot.exe	28
PID 1832 wrote to memory of 2664	1832	triggerbot.exe	28
PID 1832 wrote to memory of 2664	1832	triggerbot.exe	28

C:\Users\Admin\AppData\Local\Temp\triggerbot.exe
"C:\Users\Admin\AppData\Local\Temp\triggerbot.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Users\Admin\AppData\Local\Temp\triggerbot.exe
  "C:\Users\Admin\AppData\Local\Temp\triggerbot.exe"
  2⤵
  - Loads dropped DLL
  PID:2664

C:\Users\Admin\AppData\Local\Temp\_MEI18322\python311.dll

Filesize
1.4MB

MD5
711da56eb35a88095f2baad0e821aa24

SHA1
2755f0d62c54642e936b63974fecc48a971e02e8

SHA256
d8c4c37f8826d9f906686a6b89ba3e37ee766be2893b0a7a9f49fd74f3e6f7a6

SHA512
556151238325dcd7b6d24864b39414cb0d4c2b18e98ac2446a2939bf0312d5b58128f6601e739c300bf3a38c4ddb84078a7b2e800d4e59875c21e23468e38a01

Download Submit
memory/2664-23-0x00000000749F0000-0x0000000074F00000-memory.dmp

Filesize
5.1MB

Download