0e951d25fbc7a5928c4d1a250e53b64b6501d6bdf4a07b1db2ed006a38deaec0

Analysis

max time kernel
14s
max time network
16s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
30/06/2024, 07:29

Target

ROI-CHAIR.exe
Size

53.4MB
MD5

cfcb465f063d928cb2b4057141dabd16
SHA1

34e8a1a8ec61528f4e573c5e20a3d265b515351f
SHA256

0e951d25fbc7a5928c4d1a250e53b64b6501d6bdf4a07b1db2ed006a38deaec0
SHA512

15514df9875367af9fdce5a6bf7dcd23fc098b9d967d48f04d45c92c473e4720e26dc93098c34357a10e7af2164f4a22c405f944244901bbc5d66780fd71c4d1
SSDEEP

786432:69SV7QqMoknvNpA+vIlo0FdGgCdbF+KvIFVOjXESWqE5SezsaQ9SF1mv:sSZQqMrlpA+Ql4JdzvIFVO8qQZhQ40

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1092	ROI-CHAIR.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00040000000206f6-724.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 1092	2452	ROI-CHAIR.exe	28
PID 2452 wrote to memory of 1092	2452	ROI-CHAIR.exe	28
PID 2452 wrote to memory of 1092	2452	ROI-CHAIR.exe	28

C:\Users\Admin\AppData\Local\Temp\ROI-CHAIR.exe
"C:\Users\Admin\AppData\Local\Temp\ROI-CHAIR.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Users\Admin\AppData\Local\Temp\ROI-CHAIR.exe
  "C:\Users\Admin\AppData\Local\Temp\ROI-CHAIR.exe"
  2⤵
  - Loads dropped DLL
  PID:1092

C:\Users\Admin\AppData\Local\Temp\_MEI24522\python312.dll

Filesize
1.7MB

MD5
8f165bfadf970edafd59067ad45a3952

SHA1
16c1876f2233087156b49db35d4d935c6e17be6a

SHA256
22470af77229d53d9141823c12780db63c43703dd525940bc479730d2e43513d

SHA512
b3af95dc9a68e21e8eca98e451b935f72663c2552ebf26de299716f17193f238d55c292df953d641defcbcec3ea18eb37cd4b839800804efa8f40658427263ae

Download Submit
memory/1092-726-0x000007FEF65A0000-0x000007FEF6C64000-memory.dmp

Filesize
6.8MB

Download