97c9a5cab96e4fa1adcaf5da236fbb479d539d48392ade77efaa030d66d1f5c5

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-06-2024 16:09

Target

MIDNIGHT CS2.exe
Size

15.8MB
MD5

09c540b93f5789a89e23ecf3f146f6d3
SHA1

5cdfb72485d7ed7ecf2fa88ba356bfabca4a2d66
SHA256

e8bb79dc1428186e6d5f892a4510b0834a3a270061ebff81982f5b9e4c859b8d
SHA512

16264666c1b7035f43237fe8a4eb24cfb9ef3a3febc7ebe1c49eee146b7e9ae6ec1d1a5296d08f71e28936f3a8f5b1f8666dd2ee17c9ed5264ac604f790eb5b1
SSDEEP

393216:bUiIE7Yo9+4uOwxHi+2ohcyLkW+eGQRe9jo7BGcGkaJKt/WoAfL9:R7r9+ROyHiRyc0kW+e5Re9MvpeL9

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2480	MIDNIGHT CS2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 2480	1660	MIDNIGHT CS2.exe	28
PID 1660 wrote to memory of 2480	1660	MIDNIGHT CS2.exe	28
PID 1660 wrote to memory of 2480	1660	MIDNIGHT CS2.exe	28

C:\Users\Admin\AppData\Local\Temp\MIDNIGHT CS2.exe
"C:\Users\Admin\AppData\Local\Temp\MIDNIGHT CS2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Users\Admin\AppData\Local\Temp\MIDNIGHT CS2.exe
  "C:\Users\Admin\AppData\Local\Temp\MIDNIGHT CS2.exe"
  2⤵
  - Loads dropped DLL
  PID:2480

C:\Users\Admin\AppData\Local\Temp\_MEI16602\python312.dll

Filesize
6.6MB

MD5
5c5602cda7ab8418420f223366fff5db

SHA1
52f81ee0aef9b6906f7751fd2bbd4953e3f3b798

SHA256
e7890e38256f04ee0b55ac5276bbf3ac61392c3a3ce150bb5497b709803e17ce

SHA512
51c3b4f29781bb52c137ddb356e1bc5a37f3a25f0ed7d89416b14ed994121f884cb3e40ccdbb211a8989e3bd137b8df8b28e232f98de8f35b03965cfce4b424f

Download Submit