e655306135a5bd7cd4176d385b2a346c8281ef0870707eb0158528c2da9a8a6f

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 22:37 UTC

Target

main.exe
Size

17.8MB
MD5

dc8ed599da0119967c1708fe2b2958c6
SHA1

d9dca9566c0c3e854b358d4c42ac9709b1b88efd
SHA256

e655306135a5bd7cd4176d385b2a346c8281ef0870707eb0158528c2da9a8a6f
SHA512

78147c45a0b67a901fb912a645b399073ece9686e4a97d23767da54a1805e07fa24d53e39729505df9b57d756562e9f49ad64cdea36fe482d2f09d427544155a
SSDEEP

393216:rqPnLFXlreQ8DOETgsvfG5Lgigp1lvEN/Cc9qFq:+PLFXNeQhEwLRgSkcv

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2324	main.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001c883-112.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 552 wrote to memory of 2324	552	main.exe	30
PID 552 wrote to memory of 2324	552	main.exe	30
PID 552 wrote to memory of 2324	552	main.exe	30

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:552
- C:\Users\Admin\AppData\Local\Temp\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Loads dropped DLL
  PID:2324

C:\Users\Admin\AppData\Local\Temp\_MEI5522\python310.dll

Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
memory/2324-114-0x000007FEF5DB0000-0x000007FEF621E000-memory.dmp

Filesize
4.4MB

Download