4b721600d5032b7c920a1e223fe08a8aa47e9de55fffb6929054ee5d68a78df8

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/06/2024, 16:10

Target

loader.exe
Size

6.3MB
MD5

d07764c3e87b38d474ca4ac3bd4acdd8
SHA1

2b9fcd94bf546ce574378733d8a78362537cb305
SHA256

4b721600d5032b7c920a1e223fe08a8aa47e9de55fffb6929054ee5d68a78df8
SHA512

7b76781fc53ffacfa910386b5689611f603e0ed31ec9ca1195cf8e85cd996f34bfbf1bba5a38866c3fb0d5010dcb34ab145eb404ebcf8d6035b7b51d27e4dfcf
SSDEEP

98304:qQ9z475YthUbaWjUccRacg/BGfO1q4HNK0zbup/xzcq8zAFPjv9JT1sOBN3o1S2:bG5e6OZraRRnz+R8zmPf1D7J2

Score

7^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0006000000015ca6-21.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
2108	loader.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0006000000015ca6-21.dat	upx
behavioral1/memory/2108-23-0x0000000074490000-0x00000000749A0000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 2108	1676	loader.exe	28
PID 1676 wrote to memory of 2108	1676	loader.exe	28
PID 1676 wrote to memory of 2108	1676	loader.exe	28
PID 1676 wrote to memory of 2108	1676	loader.exe	28

C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Users\Admin\AppData\Local\Temp\loader.exe
  "C:\Users\Admin\AppData\Local\Temp\loader.exe"
  2⤵
  - Loads dropped DLL
  PID:2108

C:\Users\Admin\AppData\Local\Temp\_MEI16762\python311.dll

Filesize
1.4MB

MD5
711da56eb35a88095f2baad0e821aa24

SHA1
2755f0d62c54642e936b63974fecc48a971e02e8

SHA256
d8c4c37f8826d9f906686a6b89ba3e37ee766be2893b0a7a9f49fd74f3e6f7a6

SHA512
556151238325dcd7b6d24864b39414cb0d4c2b18e98ac2446a2939bf0312d5b58128f6601e739c300bf3a38c4ddb84078a7b2e800d4e59875c21e23468e38a01

Download Submit
memory/2108-23-0x0000000074490000-0x00000000749A0000-memory.dmp

Filesize
5.1MB

Download