0cfd9e20af262ce9eaffa58b5deb15a454159adcf682b24d96bab8cccc89d64d

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08/08/2024, 22:48

Target

hyperion.exe
Size

58.4MB
MD5

0ec4d20dccaa0aed06a491a4c9c1636d
SHA1

b7aeed9a004193b472fc82296cd0d7f121978433
SHA256

2cffa447570221c478089472e676991105bf71154549b40608eeac113f890515
SHA512

81c77adc25ff0b01c039f2dfc35d38d169281db8892eb6c5b1123b4ea1b94f3eb080dffcd846c7a0ddff0512a58b594b5d583f89eadd5d9d91c7f3b478a6ce17
SSDEEP

1572864:uvEb9dLgxquRke+EJYPLnB3e4tBwzBtJ1srDVSmCo:uMbgxzupnB3eCBw1T1s/cx

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2380	main.exe

Loads dropped DLL 2 IoCs

pid	Process
1496	hyperion.exe
2380	main.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 2380	1496	hyperion.exe	31
PID 1496 wrote to memory of 2380	1496	hyperion.exe	31
PID 1496 wrote to memory of 2380	1496	hyperion.exe	31

\Users\Admin\AppData\Local\Temp\onefile_1496_133676309358368000\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit
memory/1496-199-0x000000013F560000-0x0000000142FFC000-memory.dmp

Filesize
58.6MB

Download
memory/2380-102-0x000000013F140000-0x0000000143137000-memory.dmp

Filesize
64.0MB

Download