8a38bb293557b9ee3ba0c376d076acc70f70653277af8b3e526b248fc2977c58

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 22:07

Target

loader.exe
Size

6.3MB
MD5

cd64ae92771aae3022ed1186be571d9e
SHA1

0e0357d32f4a3d564600e56748111547976cb2b9
SHA256

8a38bb293557b9ee3ba0c376d076acc70f70653277af8b3e526b248fc2977c58
SHA512

916ca758955e6b58d6a201af025e45a026445c66c4e171533687a1961d3e57397eaff08496f9719d0b63c4cd2b05fe4018aa0630a1665c91561beff2b643616c
SSDEEP

98304:VQ9Wp75YthUQccRacg/BGfO1q4HNK0zbup/xzcq8zAFPjv9JT1sOBN3o1Sh:d55e6QraRRnz+R8zmPf1D7Jh

Score

7^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0006000000015d27-21.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
3068	loader.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0006000000015d27-21.dat	upx
behavioral1/memory/3068-23-0x0000000074A50000-0x0000000074F60000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 3068	2316	loader.exe	28
PID 2316 wrote to memory of 3068	2316	loader.exe	28
PID 2316 wrote to memory of 3068	2316	loader.exe	28
PID 2316 wrote to memory of 3068	2316	loader.exe	28

C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Users\Admin\AppData\Local\Temp\loader.exe
  "C:\Users\Admin\AppData\Local\Temp\loader.exe"
  2⤵
  - Loads dropped DLL
  PID:3068

C:\Users\Admin\AppData\Local\Temp\_MEI23162\python311.dll

Filesize
1.4MB

MD5
711da56eb35a88095f2baad0e821aa24

SHA1
2755f0d62c54642e936b63974fecc48a971e02e8

SHA256
d8c4c37f8826d9f906686a6b89ba3e37ee766be2893b0a7a9f49fd74f3e6f7a6

SHA512
556151238325dcd7b6d24864b39414cb0d4c2b18e98ac2446a2939bf0312d5b58128f6601e739c300bf3a38c4ddb84078a7b2e800d4e59875c21e23468e38a01

Download Submit
memory/3068-23-0x0000000074A50000-0x0000000074F60000-memory.dmp

Filesize
5.1MB

Download