0c86fb11c55ffa634da53d5dda7a73e106c12839eaa1b5c7e4eb17edc4213a4a

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/09/2024, 14:52

Target

RoAim.exe
Size

7.5MB
MD5

189a022731a74a5585595e2527e94341
SHA1

63d75ab90ff622461b9982db13d2de9f15840bf7
SHA256

0c86fb11c55ffa634da53d5dda7a73e106c12839eaa1b5c7e4eb17edc4213a4a
SHA512

c17d0bd7734dec2d15f5d25e6f2efa8284e96db86c73c1873152a73b8ed843ab72ec46dd4d5c4dc18bcd16d72a82a61ae44a27be08941f7e6c625c0dc2bf8058
SSDEEP

196608:akgVVEpwfI9jUC2gYBYv3vbW2+iITx1U6ny:AVVEWIH2gYBgDWJTnzy

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2516	RoAim.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000018e65-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2516	3064	RoAim.exe	30
PID 3064 wrote to memory of 2516	3064	RoAim.exe	30
PID 3064 wrote to memory of 2516	3064	RoAim.exe	30

C:\Users\Admin\AppData\Local\Temp\RoAim.exe
"C:\Users\Admin\AppData\Local\Temp\RoAim.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Users\Admin\AppData\Local\Temp\RoAim.exe
  "C:\Users\Admin\AppData\Local\Temp\RoAim.exe"
  2⤵
  - Loads dropped DLL
  PID:2516

C:\Users\Admin\AppData\Local\Temp\_MEI30642\python312.dll

Filesize
1.7MB

MD5
6f7c42579f6c2b45fe866747127aef09

SHA1
b9487372fe3ed61022e52cc8dbd37e6640e87723

SHA256
07642b6a3d99ce88cff790087ac4e2ba0b2da1100cf1897f36e096427b580ee5

SHA512
aadf06fd6b4e14f600b0a614001b8c31e42d71801adec7c9c177dcbb4956e27617fa45ba477260a7e06d2ca4979ed5acc60311258427ee085e8025b61452acec

Download Submit
memory/2516-23-0x000007FEF5BE0000-0x000007FEF62A5000-memory.dmp

Filesize
6.8MB

Download