cf44f5c1dc5bfccb23436149f3de5f4292fc141a9ec7f5349c5e31b2b483c176

Analysis

max time kernel
14s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-10-2024 11:52

Target

host.exe
Size

6.9MB
MD5

906e8cc6ac10240f8eeae1638a610575
SHA1

e13f28d6c04107f533dff9583cc65464263292de
SHA256

3758473eb45e5d8b24d6c2a36d65b10a71652a2accd7ce6fba916b24e754a77e
SHA512

2a73ea78a0bab159ba952af5223d573afc1ef683813cda6b7d4e6a5f53b5f2f40447b3b9e25cd31f4b7139fd3be8343041153b874d7cb37fcd4e77bcec3d91fa
SSDEEP

98304:lRmDjWM8JEE1rdAamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeR8YKJJcGhEIK:l00NBeNTfm/pf+xk4dWR8trbWOjgs+P

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2948	host.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral5/files/0x0006000000016d68-21.dat	upx
behavioral5/memory/2948-23-0x000007FEF63B0000-0x000007FEF6998000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2948	2400	host.exe	28
PID 2400 wrote to memory of 2948	2400	host.exe	28
PID 2400 wrote to memory of 2948	2400	host.exe	28

C:\Users\Admin\AppData\Local\Temp\host.exe
"C:\Users\Admin\AppData\Local\Temp\host.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Users\Admin\AppData\Local\Temp\host.exe
  "C:\Users\Admin\AppData\Local\Temp\host.exe"
  2⤵
  - Loads dropped DLL
  PID:2948

C:\Users\Admin\AppData\Local\Temp\_MEI24002\python311.dll

Filesize
1.6MB

MD5
bb46b85029b543b70276ad8e4c238799

SHA1
123bdcd9eebcac1ec0fd2764a37e5e5476bb0c1c

SHA256
72c24e1db1ba4df791720a93ca9502d77c3738eebf8b9092a5d82aa8d80121d0

SHA512
5e993617509c1cf434938d6a467eb0494e04580ad242535a04937f7c174d429da70a6e71792fc3de69e103ffc5d9de51d29001a4df528cfffefdaa2cef4eaf31

Download Submit
memory/2948-23-0x000007FEF63B0000-0x000007FEF6998000-memory.dmp

Filesize
5.9MB

Download