39eb7d6916e7ef77ed330771b40f1d0f923285caea136d585e527a27aa645f29

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17/09/2024, 21:36

Target

main.exe
Size

17.7MB
MD5

97e3023275d438e67c1283727a1de258
SHA1

2b0ccb11b873bd9099624faee2695cbd2e0bbcef
SHA256

39eb7d6916e7ef77ed330771b40f1d0f923285caea136d585e527a27aa645f29
SHA512

c0066c8cb63c910e5499f4f61c8f2032a786c34a7a21e2d6a8b940bd2cf02894ff85b0a26c3be9e1f47b09b7d7898315b2efb4c414c6883dea0283210dfeb741
SSDEEP

393216:iqPnLFXlrgUgQpDOETgsvfGAfgGQAvEPRKNEgTLa:nPLFXNgtQoE/nQ50iO

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1652	main.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001c869-112.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 1652	2084	main.exe	31
PID 2084 wrote to memory of 1652	2084	main.exe	31
PID 2084 wrote to memory of 1652	2084	main.exe	31

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Loads dropped DLL
  PID:1652

C:\Users\Admin\AppData\Local\Temp\_MEI20842\python310.dll

Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
memory/1652-114-0x000007FEF5B00000-0x000007FEF5F6E000-memory.dmp

Filesize
4.4MB

Download