7bfb1cff5026070f51356da0154594567f5bef98bfb91ec5285cf81999737382

Resubmissions

20/06/2024, 00:25 UTC

14/06/2024, 18:17 UTC

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 18:17 UTC

Target

loader_prod.exe
Size

64.6MB
MD5

ca51d2b9d3c378224d77bfaf910a5c80
SHA1

67657cd30df07feafa49bbce07099714a86dcc67
SHA256

7bfb1cff5026070f51356da0154594567f5bef98bfb91ec5285cf81999737382
SHA512

a339c8c0872d1ffe2a3aa2726549145f0e248c8c04dcc49c1443313d67f698cbb77d667448fdcfa79993e07d4c5b81c307d7fa76d330a7ecd6373be9ba2ad0f1
SSDEEP

1572864:RRWAPVsp8irAH8+1osuTCSxOB6xMLiIpa2qHWB75iVuPrZRW8jrNU0i:RUAWp8S6xjKcBa6c2qHO5iVuzXDB

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2508	loader_prod.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2508	1984	loader_prod.exe	28
PID 1984 wrote to memory of 2508	1984	loader_prod.exe	28
PID 1984 wrote to memory of 2508	1984	loader_prod.exe	28

C:\Users\Admin\AppData\Local\Temp\loader_prod.exe
"C:\Users\Admin\AppData\Local\Temp\loader_prod.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Users\Admin\AppData\Local\Temp\loader_prod.exe
  "C:\Users\Admin\AppData\Local\Temp\loader_prod.exe"
  2⤵
  - Loads dropped DLL
  PID:2508

C:\Users\Admin\AppData\Local\Temp\_MEI19842\python312.dll

Filesize
6.6MB

MD5
d521654d889666a0bc753320f071ef60

SHA1
5fd9b90c5d0527e53c199f94bad540c1e0985db6

SHA256
21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2

SHA512
7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3

Download Submit