20951c64e76fe47ba0eb9b14428cc12f41914d671127079446b79bc142d1b782

Resubmissions

26-09-2024 15:31

26-09-2024 15:28

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-09-2024 15:31

Target

GSB.exe
Size

17.8MB
MD5

b6a32e9bed61d137f4da4631fa2bf28b
SHA1

2bcae476a5075a3c2f3c8784fbb9b7423d47ef20
SHA256

20951c64e76fe47ba0eb9b14428cc12f41914d671127079446b79bc142d1b782
SHA512

fb71311eb4b019fd397313d42e834086b783dae6d2d3b8902bd2bb50c1ffd7f30527ac2e31af7619d688670e78864c1fba701dc943db0302c4bcfd6616562777
SSDEEP

393216:mqPnLFXlreQ+DOETgsvfG6gSsvE0c/5i7veq:LPLFXNeQ/EnPFr54

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
656	GSB.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000400000001957d-112.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 656	2732	GSB.exe	30
PID 2732 wrote to memory of 656	2732	GSB.exe	30
PID 2732 wrote to memory of 656	2732	GSB.exe	30

C:\Users\Admin\AppData\Local\Temp\GSB.exe
"C:\Users\Admin\AppData\Local\Temp\GSB.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Users\Admin\AppData\Local\Temp\GSB.exe
  "C:\Users\Admin\AppData\Local\Temp\GSB.exe"
  2⤵
  - Loads dropped DLL
  PID:656

C:\Users\Admin\AppData\Local\Temp\_MEI27322\python310.dll

Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
memory/656-114-0x000007FEF6400000-0x000007FEF686E000-memory.dmp

Filesize
4.4MB

Download