e2d7dea69bfde2dc6ab569b06838e24342bb3a6d5d0e6e1cba20c140ce987962

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/09/2024, 14:42

Target

SyprTool.exe
Size

18.7MB
MD5

4e52de32664ce60619149f18feeef99d
SHA1

d86dd3a3c51eb638303eb1f2c9781b5a471a177c
SHA256

e2d7dea69bfde2dc6ab569b06838e24342bb3a6d5d0e6e1cba20c140ce987962
SHA512

16ff12cf4483e686a6a05d6ccb896f466aa1f1f7b5dfeb1d92e1393b6aa57967e6ff688481cba43fa569fc9dc7a3363005de8894f4a386df6a36c1ac3c69da80
SSDEEP

393216:qqPnLFXlrjQpDOETgsvfGPgvE1uTdDoigMX3lPC:/PLFXNjQoEK2E27tX

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
3024	SyprTool.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001c8ae-120.dat	upx
behavioral1/memory/3024-122-0x000007FEF5F00000-0x000007FEF636E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 3024	2364	SyprTool.exe	30
PID 2364 wrote to memory of 3024	2364	SyprTool.exe	30
PID 2364 wrote to memory of 3024	2364	SyprTool.exe	30

C:\Users\Admin\AppData\Local\Temp\SyprTool.exe
"C:\Users\Admin\AppData\Local\Temp\SyprTool.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Users\Admin\AppData\Local\Temp\SyprTool.exe
  "C:\Users\Admin\AppData\Local\Temp\SyprTool.exe"
  2⤵
  - Loads dropped DLL
  PID:3024

C:\Users\Admin\AppData\Local\Temp\_MEI23642\python310.dll

Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
memory/3024-122-0x000007FEF5F00000-0x000007FEF636E000-memory.dmp

Filesize
4.4MB

Download