b749cc75224a853c131eb41664ea2491efc9b4cfa2d7b51b944d1ae3278a7aee

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 04:59

Target

symac.exe
Size

16.0MB
MD5

5357bce80610ab6480a939e51ab6dc3e
SHA1

ed879d284d3c84ca42ffe78303eae966063dc04d
SHA256

175e4e77f03bc4c7667cc6bcea71db027b057fad80ed7344c168e9a2ace46113
SHA512

ef90017f395a87ce41b4fac6105d277ecdef4bd5cf3ebd0f8937f5968bc13e54acf1e40b264a22b1929d6736a03fb62300e9ac801ef71340786a46bbbec5b29e
SSDEEP

393216:Hh9SqWvz+XOVVsdzeTGz7kpL+9qzTfbCk+7q301J5BOxemRy7CWHOc:B9Oz+XOLyZ78+9q/f5301jM8KhEz

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2152	symac.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral3/files/0x0004000000019670-88.dat	upx
behavioral3/memory/2152-90-0x000007FEF5AE0000-0x000007FEF61B8000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 2152	2712	symac.exe	30
PID 2712 wrote to memory of 2152	2712	symac.exe	30
PID 2712 wrote to memory of 2152	2712	symac.exe	30

C:\Users\Admin\AppData\Local\Temp\symac.exe
"C:\Users\Admin\AppData\Local\Temp\symac.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Users\Admin\AppData\Local\Temp\symac.exe
  "C:\Users\Admin\AppData\Local\Temp\symac.exe"
  2⤵
  - Loads dropped DLL
  PID:2152

C:\Users\Admin\AppData\Local\Temp\_MEI27122\python312.dll

Filesize
1.8MB

MD5
667e7967137e42e693059a6b9ffbb65c

SHA1
3d8a134f4ef422f922b4fdc7bc126bba5eb9b12e

SHA256
4091f7c2d23be37bea7250a369611140644a7f5a71d095cc0d6b2f0bfe37530f

SHA512
7fa1161dee9f59f11e30d711ab40eb9f743ef243ef7b718863cb5d099bb5a8d523dcee67bbf3125cc893a9bfe21811335ee09bbc0a5cb1a13d979a6936cac3ac

Download Submit
memory/2152-90-0x000007FEF5AE0000-0x000007FEF61B8000-memory.dmp

Filesize
6.8MB

Download