7a1eea1311b50e7bc80a2aeb77c772a26d275e9cede456dac7b27fadc81e3607

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
18-06-2024 19:13

Target

sysEXEC/sysEXEC.exe
Size

14.5MB
MD5

ffd7667734dd00d965d53652f5d79cf2
SHA1

8b2a829f441f3994251a7c0c4df1e0d84e310fd1
SHA256

521a5689f95a3e059413c34b727b4e13d104303beed4163a7c21219541525d72
SHA512

aaa88a9449414a61e0544b9402f5145cc94b75a3eb07dc110b2d1919b2417415e75821fcf3ecc13dd821c0ded7d25c33bca83a5d219656b355071b5bf9b5b42a
SSDEEP

196608:sSEkv0sKYu/PaQ+DuhflMXdQmRJ8dA6lSuqaycBIGpE2o6hTOv+QKfwJ+E39j/l5:7EkZQ0dQuslSq99oWOv+9fg+EH3Pgm3

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2056	sysEXEC.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 2056	1876	sysEXEC.exe	28
PID 1876 wrote to memory of 2056	1876	sysEXEC.exe	28
PID 1876 wrote to memory of 2056	1876	sysEXEC.exe	28

C:\Users\Admin\AppData\Local\Temp\sysEXEC\sysEXEC.exe
"C:\Users\Admin\AppData\Local\Temp\sysEXEC\sysEXEC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Users\Admin\AppData\Local\Temp\sysEXEC\sysEXEC.exe
  "C:\Users\Admin\AppData\Local\Temp\sysEXEC\sysEXEC.exe"
  2⤵
  - Loads dropped DLL
  PID:2056

C:\Users\Admin\AppData\Local\Temp\_MEI18762\python310.dll

Filesize
4.3MB

MD5
deaf0c0cc3369363b800d2e8e756a402

SHA1
3085778735dd8badad4e39df688139f4eed5f954

SHA256
156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d

SHA512
5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989

Download Submit