11df8182358b1cc5162d910721247864b70d4bc44a3bfddbf3cb8a5aa801b6f0

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15-07-2024 19:47

Target

Nursultan Alpha.exe
Size

19.6MB
MD5

d3f611136dd32753021838c58644113a
SHA1

9dd7f106c0d59b6f3f299980ba9c5bddfbd56671
SHA256

11df8182358b1cc5162d910721247864b70d4bc44a3bfddbf3cb8a5aa801b6f0
SHA512

dd08b97d2c37c5c790a4bd2bca0d2fb4f91a8ca9c9c3d823778ec727df89dbba3b6c110ef5c401dc6957025a5e4857cf7e7f81f1e8cfb1929283203e8b2b056a
SSDEEP

196608:hjf091nWq7n0jc/bPeNrYFJMIDJ+gsAGKpRTb5y+6q88uO:KLl7n0jcw8Fqy+gsiJM

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2604	Nursultan Alpha.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019623-47.dat	upx
behavioral1/memory/2604-49-0x000007FEF6030000-0x000007FEF649E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2604	2700	Nursultan Alpha.exe	30
PID 2700 wrote to memory of 2604	2700	Nursultan Alpha.exe	30
PID 2700 wrote to memory of 2604	2700	Nursultan Alpha.exe	30

C:\Users\Admin\AppData\Local\Temp\Nursultan Alpha.exe
"C:\Users\Admin\AppData\Local\Temp\Nursultan Alpha.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Users\Admin\AppData\Local\Temp\Nursultan Alpha.exe
  "C:\Users\Admin\AppData\Local\Temp\Nursultan Alpha.exe"
  2⤵
  - Loads dropped DLL
  PID:2604

C:\Users\Admin\AppData\Local\Temp\_MEI27002\python310.dll

Filesize
1.4MB

MD5
196deb9a74e6e9e242f04008ea80f7d3

SHA1
a54373ebad306f3e6f585bcdf1544fbdcf9c0386

SHA256
20b004bfe69166c4961fee93163e795746df39fb31dc67399c0fde57f551eb75

SHA512
8c226d3ef21f3ddeee14a098c60ef030fa78590e9505d015ce63ea5e5bbcea2e105ff818e94653df1bddc9ba6ed3b376a1dff5c19266b623fa22cd75ac263b68

Download Submit
memory/2604-49-0x000007FEF6030000-0x000007FEF649E000-memory.dmp

Filesize
4.4MB

Download