8a6f75426c02db73affeb070b56bebcbfb8769387dfc15f94018ffc1f63d3938

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18-06-2024 18:50

Target

win5.exe
Size

13.8MB
MD5

887ee63442c8ee2604ba02d5c5770069
SHA1

1ed501df3fc3d4d58df2369a9195959b0e875597
SHA256

e47b6c6eff46ef74daad65e7f84d70d1e713de4b6f6dda4be06708d8dae61339
SHA512

c2fa7a25e7ed143ca1185089275c521c2dd26cb9a15b4378caa5111f9c34807486946a6490586498eafbc904ecd3b027e92dbd3f76c855cea0401da69bafedd1
SSDEEP

196608:gYFgX7miZ0sKYu/PaQqtG7fpDOjmFpMRxtYSHdKiy4kdai7bN3mDRIIBR+CaW5LS:/FDQQYGVKKSphMB3Q1zDvp+

Score

7^/10

upx

pid	process
2888	win5.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI23202\python310.dll	upx
behavioral3/memory/2888-87-0x000007FEF61C0000-0x000007FEF6626000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

win5.exe

description	pid	process	target process
PID 2320 wrote to memory of 2888	2320	win5.exe	win5.exe
PID 2320 wrote to memory of 2888	2320	win5.exe	win5.exe
PID 2320 wrote to memory of 2888	2320	win5.exe	win5.exe

C:\Users\Admin\AppData\Local\Temp\win5.exe
"C:\Users\Admin\AppData\Local\Temp\win5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2320

C:\Users\Admin\AppData\Local\Temp\win5.exe
"C:\Users\Admin\AppData\Local\Temp\win5.exe"
2⤵
- Loads dropped DLL
PID:2888

C:\Users\Admin\AppData\Local\Temp\_MEI23202\python310.dll
Filesize
1.4MB

MD5
08812511e94ad9859492a8d19cafa63e

SHA1
492b9fefb9cc5c7f80681ebfa373d48b3a600747

SHA256
9742af9d1154293fa4c4fc50352430c22d56e8cdc99202c78533af182d96489c

SHA512
6f7e41f4e2f893841329ac62315809a59a8d01ca047cb5739eb7ac1294afd4de2754549f7b1f5f9affa3397e9de379c5f6396844fc4fab9328362566225ddb8e

Download Submit
memory/2888-87-0x000007FEF61C0000-0x000007FEF6626000-memory.dmp

Filesize
4.4MB

Download