fea7fe27949fb4491ea2cef150613f02e2d14b4437abec7ff3cb10f55d24384f

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-09-2024 14:53

Target

Boostrapper11.exe
Size

49.8MB
MD5

cf200855953b43eba651f132da4ecd23
SHA1

9bc83e1f6a6b8a9aa7e1224cf62178e236c818e3
SHA256

fea7fe27949fb4491ea2cef150613f02e2d14b4437abec7ff3cb10f55d24384f
SHA512

2c5f153873e1bd7364a4d9e487bc02aa9de7e8c80ca3e534ac342821174a895e15c637a45781f2a7601e73e3bc710a8602407e6078f4653c717011c7f0e2eced
SSDEEP

1572864:dAOQ20j5f7vnZlT5xTivfSyWqrSaclIlm:dAOEjljbT5xentWLkQ

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
872	Boostrapper11.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020842-722.dat	upx
behavioral1/memory/872-724-0x000007FEF6380000-0x000007FEF6968000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 872	2340	Boostrapper11.exe	31
PID 2340 wrote to memory of 872	2340	Boostrapper11.exe	31
PID 2340 wrote to memory of 872	2340	Boostrapper11.exe	31

C:\Users\Admin\AppData\Local\Temp\Boostrapper11.exe
"C:\Users\Admin\AppData\Local\Temp\Boostrapper11.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Users\Admin\AppData\Local\Temp\Boostrapper11.exe
  "C:\Users\Admin\AppData\Local\Temp\Boostrapper11.exe"
  2⤵
  - Loads dropped DLL
  PID:872

C:\Users\Admin\AppData\Local\Temp\_MEI23402\python311.dll

Filesize
1.6MB

MD5
4fcf14c7837f8b127156b8a558db0bb2

SHA1
8de2711d00bef7b5f2dcf8a2c6871fa1db67cf1f

SHA256
a67df621a383f4ce5a408e0debe3ebc49ffc766d6a1d6d9a7942120b8ec054dc

SHA512
7a6195495b48f66c35b273a2c9d7ff59e96a4180ea8503f31c8b131167c6cdddd8d6fe77388a34096964a73c85eab504281a14ae3d05350cfee5c51d2491cec8

Download Submit
memory/872-724-0x000007FEF6380000-0x000007FEF6968000-memory.dmp

Filesize
5.9MB

Download