2091e2da1f1d89319328cf6912e0f3c731f5bb659dabd384df89b1bab44345dc

Resubmissions

23/09/2024, 18:08

max time kernel
1558s
max time network
1559s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23/09/2024, 18:08

Target

1hack.exe
Size

10.0MB
MD5

9aa6a8d816ea49f64878994780abf2b0
SHA1

b8b76221894d6308ffa0fe4c96712c637f2a521b
SHA256

2091e2da1f1d89319328cf6912e0f3c731f5bb659dabd384df89b1bab44345dc
SHA512

1946a3a9f43cec69b4b904329e93b373d6ef416e3417cd39a0cfd2c0e763b612efa555ca2e70987f34a7b660dd67478f20b0e4ed8d2cf8a2d1c0620b0342067c
SSDEEP

98304:Uu8EtdFBy1AamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4R0BM0bC3/G9Y:UuLFM1BeN/FJMIDJf0gsAGK4R0u059Y

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1636	1hack.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019273-21.dat	upx
behavioral1/memory/1636-23-0x000007FEF6AB0000-0x000007FEF6F1E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 1636	2056	1hack.exe	30
PID 2056 wrote to memory of 1636	2056	1hack.exe	30
PID 2056 wrote to memory of 1636	2056	1hack.exe	30

C:\Users\Admin\AppData\Local\Temp\1hack.exe
"C:\Users\Admin\AppData\Local\Temp\1hack.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Users\Admin\AppData\Local\Temp\1hack.exe
  "C:\Users\Admin\AppData\Local\Temp\1hack.exe"
  2⤵
  - Loads dropped DLL
  PID:1636

C:\Users\Admin\AppData\Local\Temp\_MEI20562\python310.dll

Filesize
1.4MB

MD5
178a0f45fde7db40c238f1340a0c0ec0

SHA1
dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

SHA256
9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

SHA512
4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

Download Submit
memory/1636-23-0x000007FEF6AB0000-0x000007FEF6F1E000-memory.dmp

Filesize
4.4MB

Download