54cf84f5a988a8e4dfa86bf48a207ca8b5e7930934c3ba7759985ad39f38bdae

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 15:32

Target

SkyexchangeRework.exe
Size

80.1MB
MD5

8b0c5628143a952cb935b5a1d5acc07d
SHA1

137493a3df309d756884e60d2f64a0f4cd7b601f
SHA256

54cf84f5a988a8e4dfa86bf48a207ca8b5e7930934c3ba7759985ad39f38bdae
SHA512

48b7fd0f47d378c1ea5e8346ddf48a72817820b5a15d8b50ea1e75567e11d2a564a7deaa77802b9fe7aa0373e54161ef0d88d0fe7d7014f88877c87559f4eb1e
SSDEEP

1572864:UvNBYQ3j0cSk8IpG7V+VPhqcPE70jCDPRQvljSvOul/JGZGHkVZWT9EtsB7A:UvNBY+LSkB05awcVuD2wOuNzSO9p7

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
3024	SkyexchangeRework.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000400000001cf80-1260.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 316 wrote to memory of 3024	316	SkyexchangeRework.exe	30
PID 316 wrote to memory of 3024	316	SkyexchangeRework.exe	30
PID 316 wrote to memory of 3024	316	SkyexchangeRework.exe	30

C:\Users\Admin\AppData\Local\Temp\SkyexchangeRework.exe
"C:\Users\Admin\AppData\Local\Temp\SkyexchangeRework.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:316
- C:\Users\Admin\AppData\Local\Temp\SkyexchangeRework.exe
  "C:\Users\Admin\AppData\Local\Temp\SkyexchangeRework.exe"
  2⤵
  - Loads dropped DLL
  PID:3024

C:\Users\Admin\AppData\Local\Temp\_MEI3162\python311.dll

Filesize
1.6MB

MD5
546cc5fe76abc35fdbf92f682124e23d

SHA1
5c1030752d32aa067b49125194befee7b3ee985a

SHA256
43bff2416ddd123dfb15d23dc3e99585646e8df95633333c56d85545029d1e76

SHA512
cb75334f2f36812f3a5efd500b2ad97c21033a7a7054220e58550e95c3408db122997fee70a319aef8db6189781a9f2c00a9c19713a89356038b87b036456720

Download Submit
memory/3024-1262-0x000007FEF6380000-0x000007FEF6969000-memory.dmp

Filesize
5.9MB

Download