3085188c97d30b95c51b3697fba461a4c36c0e8dbc4e2e40306e432db0aa1022

Analysis

max time kernel
89s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
16-08-2024 02:50

Target

main.exe
Size

38.3MB
MD5

ee097363fd259cd976ecb09308f47453
SHA1

59bcd1f2b660778b81c20c7a1040e7d898b75b39
SHA256

3085188c97d30b95c51b3697fba461a4c36c0e8dbc4e2e40306e432db0aa1022
SHA512

2f0749b777563d7ca2478376ce8742069cb82c9278cb5d387d4a75067caf708a448a2a753efc9a8d19ad337dcfb9d04779f950aaeb656a3f1b69d75655d0d839
SSDEEP

786432:civHdwocd0O/dI2hexeN5l5glkjQpb1KQveSoy2qwDwnGeoKN:cWD8noxEl+lkjQHfvdJ2qwwJoK

Score

7^/10

upx

pid	process
2172	main.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI27482\python310.dll	upx
behavioral1/memory/2172-14-0x000007FEF6070000-0x000007FEF64D6000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

main.exe

description	pid	process	target process
PID 2748 wrote to memory of 2172	2748	main.exe	main.exe
PID 2748 wrote to memory of 2172	2748	main.exe	main.exe
PID 2748 wrote to memory of 2172	2748	main.exe	main.exe

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Users\Admin\AppData\Local\Temp\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Loads dropped DLL
  PID:2172

C:\Users\Admin\AppData\Local\Temp\_MEI27482\python310.dll

Filesize
1.4MB

MD5
4a6afa2200b1918c413d511c5a3c041c

SHA1
39ca3c2b669adac07d4a5eb1b3b79256cfe0c3b3

SHA256
bec187f608507b57cf0475971ba646b8ab42288af8fdcf78bce25f1d8c84b1da

SHA512
dbffb06ffff0542200344ea9863a44a6f1e1b783379e53df18580e697e8204d3911e091deb32a9c94b5599cdd54301b705b74e1f51104151cf13b89d57280a20

Download Submit
memory/2172-14-0x000007FEF6070000-0x000007FEF64D6000-memory.dmp

Filesize
4.4MB

Download