7d29a19644fd406db1cff837682c7baaaf43ef8a0a6b8758c195b8e180bda35c

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-09-2024 19:16

Target

c.exe
Size

32.8MB
MD5

2fe2371be39d349de88d8916bf201f24
SHA1

fd7d32aea5cde87bc83bc6bd4efe9c1ccf12ca47
SHA256

7d29a19644fd406db1cff837682c7baaaf43ef8a0a6b8758c195b8e180bda35c
SHA512

cc331f345a58d694c1ef6ea8f275c3db9b2e2bfc677e497ad22ee3473cea383f802cc15e4d2ada489f631cdb10cca490680c7d30cdc0cf733441d925b278e7f4
SSDEEP

786432:H9AOQND7vDBDJbTiumfSy1ESWqEp+0/pW/oyt4x:dAOQt7vpxTivfSyWqrSaoS4x

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2476	c.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020864-722.dat	upx
behavioral1/memory/2476-724-0x000007FEF5970000-0x000007FEF5F58000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2476	2384	c.exe	30
PID 2384 wrote to memory of 2476	2384	c.exe	30
PID 2384 wrote to memory of 2476	2384	c.exe	30

C:\Users\Admin\AppData\Local\Temp\c.exe
"C:\Users\Admin\AppData\Local\Temp\c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Users\Admin\AppData\Local\Temp\c.exe
  "C:\Users\Admin\AppData\Local\Temp\c.exe"
  2⤵
  - Loads dropped DLL
  PID:2476

C:\Users\Admin\AppData\Local\Temp\_MEI23842\python311.dll

Filesize
1.6MB

MD5
4fcf14c7837f8b127156b8a558db0bb2

SHA1
8de2711d00bef7b5f2dcf8a2c6871fa1db67cf1f

SHA256
a67df621a383f4ce5a408e0debe3ebc49ffc766d6a1d6d9a7942120b8ec054dc

SHA512
7a6195495b48f66c35b273a2c9d7ff59e96a4180ea8503f31c8b131167c6cdddd8d6fe77388a34096964a73c85eab504281a14ae3d05350cfee5c51d2491cec8

Download Submit
memory/2476-724-0x000007FEF5970000-0x000007FEF5F58000-memory.dmp

Filesize
5.9MB

Download