20ee527c87cdb4756892ad17681a18eebe52ccb8dd32a7268fb1f2a2bc8f4107

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
28-09-2024 18:59

Target

OblivionSetup.exe
Size

80.8MB
MD5

9cedad247d9159b9c24d6445494f7665
SHA1

b986317051fbf7da644eab99373d0963e7669755
SHA256

20ee527c87cdb4756892ad17681a18eebe52ccb8dd32a7268fb1f2a2bc8f4107
SHA512

51e64599d73e6a7ba3c219ea9b0e5411e71946d1a4fb90a128870c5dc7503184bcdd26575ae8a7b45ab6140e7687a4502159774076754223697d48931a33f670
SSDEEP

1572864:CvxZQglcWq6ZSk8IpG7V+VPhqYdfmE7jlgJiYgj+h58sMwV96Xo4cJX:CvxZxmv6ZSkB05awcfbeL5R9cU

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2072	OblivionSetup.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020a4e-1261.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 2072	2740	OblivionSetup.exe	30
PID 2740 wrote to memory of 2072	2740	OblivionSetup.exe	30
PID 2740 wrote to memory of 2072	2740	OblivionSetup.exe	30

C:\Users\Admin\AppData\Local\Temp\OblivionSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OblivionSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Users\Admin\AppData\Local\Temp\OblivionSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\OblivionSetup.exe"
  2⤵
  - Loads dropped DLL
  PID:2072

C:\Users\Admin\AppData\Local\Temp\_MEI27402\python311.dll

Filesize
1.6MB

MD5
335b4e7bf9b78b1ea902220cdb506506

SHA1
5ea9c9df911267392109d44a88727d3cfebb6d49

SHA256
4a6a3b70293915516a4503f60d3eba8f9db22e84918e17cb09fe9f76c5a2db8b

SHA512
3ba072b9acea573c0bc1819f3f434a1b0f1bd940efcbed7bb3d227ecca6cf413903815c7bb9299718db8df496c8c74c406b47f0331f2445243e09b55f8581be2

Download Submit
memory/2072-1263-0x000007FEF6180000-0x000007FEF6770000-memory.dmp

Filesize
5.9MB

Download