399b296b21cca504e716f53dddc8d01ab781b4592306320cb8b80ddcdfda333d

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
04-08-2024 01:26

Target

auxia_updater.exe
Size

10.9MB
MD5

3b83f4ed82c3f00ccfd267a3fa0ff65e
SHA1

abb3b29c7092e0fec2d29999b56718b2267ed2c7
SHA256

92f7de4db70a88abef1e2fb31174fffa5a1b885aab68012b8a4ac31b3e827e22
SHA512

606c5238e11dfb41729fd510bf730dce67de5cf3f6a4f611b85ab555e71752c3df82890da075b5b14a8a2da8ca18781da8d468b9d3b1b44ab439e57eb45eee20
SSDEEP

196608:G7tPRQkdwuLUhJb3tQk5tsurErvI9pWj+sgX3ZdahF0wB1AajVsCEk9QtQTNWVJg:SxOhh7v5tsurEUWj/gXe7b2C7S6gU

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1688	auxia_updater.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a439-47.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 1688	2760	auxia_updater.exe	30
PID 2760 wrote to memory of 1688	2760	auxia_updater.exe	30
PID 2760 wrote to memory of 1688	2760	auxia_updater.exe	30

C:\Users\Admin\AppData\Local\Temp\auxia_updater.exe
"C:\Users\Admin\AppData\Local\Temp\auxia_updater.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Users\Admin\AppData\Local\Temp\auxia_updater.exe
  "C:\Users\Admin\AppData\Local\Temp\auxia_updater.exe"
  2⤵
  - Loads dropped DLL
  PID:1688

C:\Users\Admin\AppData\Local\Temp\_MEI27602\python312.dll

Filesize
1.7MB

MD5
01be3c75babc89c73e1f97286e2d254a

SHA1
bc54e991fbcccbca12159da53757f3e0739074dc

SHA256
ceced46d2deb9e7a1c74819cd5cad12c7bc291c163f292c7581eb35b50e97936

SHA512
6712adeaaecf511186ccc12a3dfce6221c1eeab498222ada5d4626abfe52520d55acd515fbc2c1b2791b8cdb45e585741c6349808a4e83b8aaba24c69a08ce52

Download Submit
memory/1688-49-0x000007FEF58D0000-0x000007FEF5F94000-memory.dmp

Filesize
6.8MB

Download