de747d415ffda8bf7a369c9d803d73070c97e184652ebc17c17237a8661bbb57

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 15:24

Target

defdis3.exe
Size

29.9MB
MD5

95c8bf3c6f8e1d721c277e6f62e56040
SHA1

c178914bc3bf7f0564ecfa0ff0f44258b7382311
SHA256

de747d415ffda8bf7a369c9d803d73070c97e184652ebc17c17237a8661bbb57
SHA512

18a2a48464faee305fc7ac3e299679e5922e8f47ed53461831cd3c9124c794d4edd1a1cf9f9f191181bd4f14b6531aebc5e86ce03fdca7ce6adb29c0d442fcfb
SSDEEP

786432:K92Gdb5+KvIFVOjXESWqE5SezfNtcy2SFsdv:8Td/vIFVO8qQZwy4J

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
980	defdis3.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00030000000207f5-710.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 980	2172	defdis3.exe	28
PID 2172 wrote to memory of 980	2172	defdis3.exe	28
PID 2172 wrote to memory of 980	2172	defdis3.exe	28

C:\Users\Admin\AppData\Local\Temp\defdis3.exe
"C:\Users\Admin\AppData\Local\Temp\defdis3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Users\Admin\AppData\Local\Temp\defdis3.exe
  "C:\Users\Admin\AppData\Local\Temp\defdis3.exe"
  2⤵
  - Loads dropped DLL
  PID:980

C:\Users\Admin\AppData\Local\Temp\_MEI21722\python312.dll

Filesize
1.7MB

MD5
8f165bfadf970edafd59067ad45a3952

SHA1
16c1876f2233087156b49db35d4d935c6e17be6a

SHA256
22470af77229d53d9141823c12780db63c43703dd525940bc479730d2e43513d

SHA512
b3af95dc9a68e21e8eca98e451b935f72663c2552ebf26de299716f17193f238d55c292df953d641defcbcec3ea18eb37cd4b839800804efa8f40658427263ae

Download Submit
memory/980-712-0x000007FEF56A0000-0x000007FEF5D64000-memory.dmp

Filesize
6.8MB

Download