79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88

Analysis

max time kernel
15s
max time network
20s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-10-2024 09:50

Target

79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.exe
Size

7.4MB
MD5

cd56d1639c638ef44a1cbcf6756ef2ba
SHA1

784970f33b026fe770d8c0f8938d17b26c428327
SHA256

79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88
SHA512

c00a3be6d4cbc672b4fe3b4afb5072832a870c99d795656380e23d33e9b7b45f2d0851ba86e1d35fe502af2d001cf13e13ff6d431349dc166cfbdcc54bb19b39
SSDEEP

196608:qw0cDemLjv+bhqNVoBKUh8mz4Iv9Pmu1D7wJo:SieaL+9qz8/b4IsuRmo

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2292	79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000400000001942a-21.dat	upx
behavioral1/memory/2292-23-0x000007FEF5FF0000-0x000007FEF65D9000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2292	2368	79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.exe	29
PID 2368 wrote to memory of 2292	2368	79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.exe	29
PID 2368 wrote to memory of 2292	2368	79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.exe	29

C:\Users\Admin\AppData\Local\Temp\79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.exe
"C:\Users\Admin\AppData\Local\Temp\79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Users\Admin\AppData\Local\Temp\79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.exe
  "C:\Users\Admin\AppData\Local\Temp\79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88.exe"
  2⤵
  - Loads dropped DLL
  PID:2292

C:\Users\Admin\AppData\Local\Temp\_MEI23682\python311.dll

Filesize
1.6MB

MD5
0b66c50e563d74188a1e96d6617261e8

SHA1
cfd778b3794b4938e584078cbfac0747a8916d9e

SHA256
02c665f77db6b255fc62f978aedbe2092b7ef1926836290da68fd838dbf2a9f2

SHA512
37d710cb5c0ceb5957d11b61684cfbc65951c1d40ab560f3f3cb8feca42f9d43bd981a0ff44c3cb7562779264f18116723457e79e0e23852d7638b1a954a258f

Download Submit
memory/2292-23-0x000007FEF5FF0000-0x000007FEF65D9000-memory.dmp

Filesize
5.9MB

Download