640f6fa7a32a694b0912bd9042ac043f7e1252cb28db7385a3c2060d327d32b7

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 02:37 UTC

Target

.exe/TrappedV2.exe
Size

7.5MB
MD5

185209c5c3f0e3871931a17b36f1be6b
SHA1

ac9d47c6aaef2fc9d4e4035eb480ae08fa5b7483
SHA256

c77e124816a70e05f72e5c147f503fe40e4629de344bab593039a194766ef79b
SHA512

66650e214dcd1c69115a78adbc72f959eba63022817fac39a7225b3c5d115d85754a6e3fccfc075b65e8665bf0a1c7b8edb5d8f30ab241819cf0dc27cd8e218b
SSDEEP

98304:OQXWQRZdDwG1eFsr7/AgecPlcGxH0Ig17E3AAy5tx54D/SVnovDJTSPkIuQoK:O2/DwGcsAgectcGfcY3gtCcKSPn

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2692	TrappedV2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2692	1992	TrappedV2.exe	29
PID 1992 wrote to memory of 2692	1992	TrappedV2.exe	29
PID 1992 wrote to memory of 2692	1992	TrappedV2.exe	29

C:\Users\Admin\AppData\Local\Temp\.exe\TrappedV2.exe
"C:\Users\Admin\AppData\Local\Temp\.exe\TrappedV2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Users\Admin\AppData\Local\Temp\.exe\TrappedV2.exe
  "C:\Users\Admin\AppData\Local\Temp\.exe\TrappedV2.exe"
  2⤵
  - Loads dropped DLL
  PID:2692

C:\Users\Admin\AppData\Local\Temp\_MEI19922\python311.dll

Filesize
5.5MB

MD5
58e01abc9c9b5c885635180ed104fe95

SHA1
1c2f7216b125539d63bd111a7aba615c69deb8ba

SHA256
de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

SHA512
cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

Download Submit