ec1fed84d75353891b36fb78fd8f36439b42d8c2cbb0c71095ea16fc677a1f1d

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13-08-2024 20:41

Target

matrix.exe
Size

7.4MB
MD5

168cdc3d6000643f42df39498a725211
SHA1

8e66a27674f7aae4b532c57c4c05b5b91718e159
SHA256

ec1fed84d75353891b36fb78fd8f36439b42d8c2cbb0c71095ea16fc677a1f1d
SHA512

774109e8c6a216eaea439cca637ade9c289416a4a4f4d62c54f66ecf4ad41b7e8b4019612cb905894ad8b80282b67ab540ed98ca4ed6a8fd3f23b631f36b2cc8
SSDEEP

98304:LQSi8x9XQskurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EAKhOC112c:LXP9VkurErvI9pWjgfPvzm6gsFE14A/

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2712	matrix.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001948a-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2712	2844	matrix.exe	30
PID 2844 wrote to memory of 2712	2844	matrix.exe	30
PID 2844 wrote to memory of 2712	2844	matrix.exe	30

C:\Users\Admin\AppData\Local\Temp\matrix.exe
"C:\Users\Admin\AppData\Local\Temp\matrix.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Users\Admin\AppData\Local\Temp\matrix.exe
  "C:\Users\Admin\AppData\Local\Temp\matrix.exe"
  2⤵
  - Loads dropped DLL
  PID:2712

C:\Users\Admin\AppData\Local\Temp\_MEI28442\python311.dll

Filesize
1.6MB

MD5
ccdbd8027f165575a66245f8e9d140de

SHA1
d91786422ce1f1ad35c528d1c4cd28b753a81550

SHA256
503cd34daed4f6d320731b368bbd940dbac1ff7003321a47d81d81d199cca971

SHA512
870b54e4468db682b669887aeef1ffe496f3f69b219bda2405ac502d2dcd67b6542db6190ea6774abf1db5a7db429ce8f6d2fc5e88363569f15cf4df78da2311

Download Submit
memory/2712-23-0x000007FEF5EA0000-0x000007FEF6492000-memory.dmp

Filesize
5.9MB

Download