3134316cd5f860361755f9370505e440ee9fd91a2e15ae8c27bf5aceafb70030

Analysis

max time kernel
20s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 00:16

Target

SecureTelegram.exe
Size

37.0MB
MD5

704c4cb99b74b3bf258a99ebe601a9b1
SHA1

ab66a01cb4f912e76ed4af4aa999d80fb63edf83
SHA256

3134316cd5f860361755f9370505e440ee9fd91a2e15ae8c27bf5aceafb70030
SHA512

442c596beb5035c4fad8ef141e889c9d286d93694877a2a82b3081322de04b32c7fade62f7743c7a8852df0a2f3707a075b5ad1bee083a5714d8056ecf3c9259
SSDEEP

786432:qRQBrRSY+R46huYqwAO4YoMGD6Oaf3ooHLl0UAlYBLe+9qz7fEg:qROrRR+R4WurwAO49QvocBAlYBLe+G7R

Score

7^/10

upx

Loads dropped DLL 1 IoCs

Processes:

SecureTelegram.exe

pid process

2732 SecureTelegram.exe

pid	process
2732	SecureTelegram.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI26722\python312.dll	upx
behavioral1/memory/2732-14-0x000007FEF5EF0000-0x000007FEF65C0000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

SecureTelegram.exe

description	pid	process	target process
PID 2672 wrote to memory of 2732	2672	SecureTelegram.exe	SecureTelegram.exe
PID 2672 wrote to memory of 2732	2672	SecureTelegram.exe	SecureTelegram.exe
PID 2672 wrote to memory of 2732	2672	SecureTelegram.exe	SecureTelegram.exe

C:\Users\Admin\AppData\Local\Temp\SecureTelegram.exe
"C:\Users\Admin\AppData\Local\Temp\SecureTelegram.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Users\Admin\AppData\Local\Temp\SecureTelegram.exe
  "C:\Users\Admin\AppData\Local\Temp\SecureTelegram.exe"
  2⤵
  - Loads dropped DLL
  PID:2732

C:\Users\Admin\AppData\Local\Temp\_MEI26722\python312.dll

Filesize
1.7MB

MD5
86d9b8b15b0340d6ec235e980c05c3be

SHA1
a03bdd45215a0381dcb3b22408dbc1f564661c73

SHA256
12dbbcd67015d6cdb680752184107b7deb84e906b0e8e860385f85d33858a5f6

SHA512
d360cc3f00d90fd04cbba09d879e2826968df0c1fdc44890c60b8450fe028c3e767450c3543c62d4f284fb7e004a9a33c52538c2279221ee6cbdb1a9485f88b2

Download Submit
memory/2732-14-0x000007FEF5EF0000-0x000007FEF65C0000-memory.dmp

Filesize
6.8MB

Download