08b0e2870a7fc2dcd71879d84ff235b6f3b27ed5fa2d320a03821d55ce6d6726

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
18-06-2024 18:50

Target

win7/win5.exe
Size

13.8MB
MD5

2639068bf1e1de3ccae340e6bee3e548
SHA1

3eec25d70e72e94085b854a07af032d3e4df7c70
SHA256

d8bbee1d3eee12b9d710cc892d767469578a511a8149ada07a05dfbee89941bf
SHA512

45ada1b47ab66e2c5f9e9344fd0d2e3b759a738ff4a970138ab8253dd12c55d7fe9cce5a9c3bb23c9c52a7d6d46ff6a0f86381d64bfd19ae8b1b1f222040cb6f
SSDEEP

196608:ugFgX7miZ0sKYu/PaQqtG7fpDOjmFpMRxtYSHdKiy4kdai7bN3mDRI1p+CbbPlaJ:LFDQQYGVKKSphMB3Q1sDVaJ

Score

7^/10

upx

pid	process
2512	win5.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI22362\python310.dll	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

win5.exe

description	pid	process	target process
PID 2236 wrote to memory of 2512	2236	win5.exe	win5.exe
PID 2236 wrote to memory of 2512	2236	win5.exe	win5.exe
PID 2236 wrote to memory of 2512	2236	win5.exe	win5.exe

C:\Users\Admin\AppData\Local\Temp\win7\win5.exe
"C:\Users\Admin\AppData\Local\Temp\win7\win5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2236

C:\Users\Admin\AppData\Local\Temp\win7\win5.exe
"C:\Users\Admin\AppData\Local\Temp\win7\win5.exe"
2⤵
- Loads dropped DLL
PID:2512

C:\Users\Admin\AppData\Local\Temp\_MEI22362\python310.dll
Filesize
1.4MB

MD5
08812511e94ad9859492a8d19cafa63e

SHA1
492b9fefb9cc5c7f80681ebfa373d48b3a600747

SHA256
9742af9d1154293fa4c4fc50352430c22d56e8cdc99202c78533af182d96489c

SHA512
6f7e41f4e2f893841329ac62315809a59a8d01ca047cb5739eb7ac1294afd4de2754549f7b1f5f9affa3397e9de379c5f6396844fc4fab9328362566225ddb8e

Download Submit
memory/2512-87-0x000007FEF5A00000-0x000007FEF5E66000-memory.dmp

Filesize
4.4MB

Download