e461f6d4f4386add20a92e5e0a057b1b2373cf598ecb585f0b3c7a187070ad82

Resubmissions

08/10/2024, 11:02

08/10/2024, 10:55

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08/10/2024, 10:55

Target

CBLines.exe
Size

6.8MB
MD5

3007ee10af667a5b7a08383e1075ffeb
SHA1

235a92053da4068ffc5071f5c7283aabc1eacd15
SHA256

e461f6d4f4386add20a92e5e0a057b1b2373cf598ecb585f0b3c7a187070ad82
SHA512

b0a61f79c904d1cfec1c12a3335e8af04e6849671793f8dc2840d4f2b25f698b4712c576cf7228975fab72c820f5367f1822947eefb1db932e5c20de9cf32318
SSDEEP

98304:EnkwN+MdA5wqMmSd8MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DoDZDJ1n6hBnLD:EnV1J+B6ylnlPzf+JiJCsmFMvcn6hVvX

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2704	CBLines.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00050000000193da-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 2704	2740	CBLines.exe	30
PID 2740 wrote to memory of 2704	2740	CBLines.exe	30
PID 2740 wrote to memory of 2704	2740	CBLines.exe	30

C:\Users\Admin\AppData\Local\Temp\CBLines.exe
"C:\Users\Admin\AppData\Local\Temp\CBLines.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Users\Admin\AppData\Local\Temp\CBLines.exe
  "C:\Users\Admin\AppData\Local\Temp\CBLines.exe"
  2⤵
  - Loads dropped DLL
  PID:2704

C:\Users\Admin\AppData\Local\Temp\_MEI27402\python311.dll

Filesize
1.6MB

MD5
1e76961ca11f929e4213fca8272d0194

SHA1
e52763b7ba970c3b14554065f8c2404112f53596

SHA256
8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0

SHA512
ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b

Download Submit
memory/2704-23-0x000007FEF6270000-0x000007FEF685A000-memory.dmp

Filesize
5.9MB

Download