2bde5ef21d7bdbcf7ef622f4eac91bec776875dd5b0bd5d52b41d2db4cf04400

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01-08-2024 21:09

Target

TOOLS.exe
Size

15.7MB
MD5

09977e752efb440d5254d763821229ee
SHA1

6893f9b9ad20cb7604a1f2edceb411123dc47fc6
SHA256

4da7c57da36f317504fc1fa73b252d4d4ec8b67cafcf9fde0ef997d2c2e65664
SHA512

291bf5bd25ae952b16a313c8614e5d9d8e4695b522ce8458f84b3b9673931d40d5650b986d54d6c2e6470b21890667186917bd84336519398ada207887548e4e
SSDEEP

196608:0gYIgMmSQJ0sKYu/PaQZXGnDzwmJb3tQk5tIDOAWJlpZstQoS9Hf1DklKXqb536c:ih9SWQZXG37v5tI9gGt7G/I5Kfl3mh

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2612	TOOLS.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a773-98.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2612	2376	TOOLS.exe	30
PID 2376 wrote to memory of 2612	2376	TOOLS.exe	30
PID 2376 wrote to memory of 2612	2376	TOOLS.exe	30

C:\Users\Admin\AppData\Local\Temp\TOOLS.exe
"C:\Users\Admin\AppData\Local\Temp\TOOLS.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Users\Admin\AppData\Local\Temp\TOOLS.exe
  "C:\Users\Admin\AppData\Local\Temp\TOOLS.exe"
  2⤵
  - Loads dropped DLL
  PID:2612

C:\Users\Admin\AppData\Local\Temp\_MEI23762\python310.dll

Filesize
1.4MB

MD5
c636d4d09f0c3ec969c9114ac7f3b5c8

SHA1
57f6716562d75dfff70945b503ab9615cf54262b

SHA256
1073c9c6d2c7a3a0feaf5fb3f405d9ec70101247eeee7f31a1e84a44aaf128f6

SHA512
75d54e5dd850e32794c261192f34a69c67c883aed358c8df92290a88dd426450b8f101ce41676dd6100d7856e969a66e76fd1dd3a7078fd5ffebb2a69e505bf9

Download Submit
memory/2612-100-0x000007FEF5C50000-0x000007FEF60B5000-memory.dmp

Filesize
4.4MB

Download