e5874371f444c726b62225c3e7de6e2a10b6f880a1577ef87d6a94b8c130196a

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
16-07-2024 17:22

Target

start.exe
Size

9.4MB
MD5

51a2bb8ec89f73112012022e006a8310
SHA1

5a451ce108dd948dbe7ff1eb7574654608ef35d2
SHA256

e5874371f444c726b62225c3e7de6e2a10b6f880a1577ef87d6a94b8c130196a
SHA512

b35e0e8037b2c621bdf261973423ff5ce6764abb8aa88ee142d7bed482995c12d3404f6a798712220daba08f508503ffa6eb9c607522acb060d771501ca5d7ef
SSDEEP

196608:Maj2xzKH/m4SwLRXgWPmpzdhqiYB6yD+KdWrGXMXVh1:Z2xze5L1V8d8BR5Ji

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2764	start.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a48f-46.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2764	2988	start.exe	30
PID 2988 wrote to memory of 2764	2988	start.exe	30
PID 2988 wrote to memory of 2764	2988	start.exe	30

C:\Users\Admin\AppData\Local\Temp\start.exe
"C:\Users\Admin\AppData\Local\Temp\start.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Users\Admin\AppData\Local\Temp\start.exe
  "C:\Users\Admin\AppData\Local\Temp\start.exe"
  2⤵
  - Loads dropped DLL
  PID:2764

C:\Users\Admin\AppData\Local\Temp\_MEI29882\python310.dll

Filesize
1.4MB

MD5
259f0b7b6eed52d7766fa294ee0db193

SHA1
f158995508e460c47748666219a54ee575973397

SHA256
9b88ca9240770931a2041e6d05ad4508b391859f8ed3603303935dcc1e55c406

SHA512
7efd3402d4cbd1146444fdab5eeb4a8aab6fec04b718761da3e0fd417d67e9576fc354737b3453f9e9c12210f1930e6eadd7c0570242b0c8a548fdb92051360c

Download Submit
memory/2764-48-0x000007FEF59C0000-0x000007FEF5E26000-memory.dmp

Filesize
4.4MB

Download