f2c5f3989670529e53bd0174af090cb1bdfee55f2db15b575e7410cf25107750

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06/08/2024, 17:16

Target

breakwindows.exe
Size

6.3MB
MD5

20acfc60fd4ea08096a4f09b1f0ef0dc
SHA1

ae2d6c9c82660dbaef65ad52c4b532048a8b4aa6
SHA256

f2c5f3989670529e53bd0174af090cb1bdfee55f2db15b575e7410cf25107750
SHA512

7938832f3f81a9233b08f2a6b0bf16f42b75c1ca27214282fd02cfeedbb343cebe87d5e2677bd74b04dd289ee5e6103c028dc3e59eed9d2f3e67ac86e3279e6e
SSDEEP

98304:BZDzNBS27wy4Pf1N2zIh3ET9qMxVMOPUh3PdWPEUrJY6AOxbHWvKJ1ngOcsS4m:Bvx4FMIZETPjPePdrQJ/BHnPc

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2324	breakwindows.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2324	2376	breakwindows.exe	30
PID 2376 wrote to memory of 2324	2376	breakwindows.exe	30
PID 2376 wrote to memory of 2324	2376	breakwindows.exe	30

C:\Users\Admin\AppData\Local\Temp\breakwindows.exe
"C:\Users\Admin\AppData\Local\Temp\breakwindows.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Users\Admin\AppData\Local\Temp\breakwindows.exe
  "C:\Users\Admin\AppData\Local\Temp\breakwindows.exe"
  2⤵
  - Loads dropped DLL
  PID:2324

C:\Users\Admin\AppData\Local\Temp\_MEI23762\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit