57a08fe1da100ef18cad24b570afec67935e55c5ece1971439234b81132e3673

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-es
resource tags

arch:x64arch:x86image:win7-20240708-eslocale:es-esos:windows7-x64systemwindows
submitted
11-10-2024 13:18

Target

Redgine craked by jotaah.exe
Size

6.8MB
MD5

481fedb42c5457a4cc3df8102cbc7a57
SHA1

68343f8d4d7d9ad7209aabb7be8736a9db6a1e2c
SHA256

57a08fe1da100ef18cad24b570afec67935e55c5ece1971439234b81132e3673
SHA512

3c9166cc9de8b82c509d577b3a7c6cf755548e3a73c7f161f7e8ae5bf9016484ea8197bbca39acaf155711a7cd6a33ffbf973e8d0c85545c28c8517a3a59382e
SSDEEP

98304:R6kwN+MdA5wqMI8MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DoaZDJ1n6hBnLnza:R6V1/B6ylnlPzf+JiJCsmFMvNn6hVva

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2920	Redgine craked by jotaah.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00050000000195c2-21.dat	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2920	Redgine craked by jotaah.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2920	2896	Redgine craked by jotaah.exe	30
PID 2896 wrote to memory of 2920	2896	Redgine craked by jotaah.exe	30
PID 2896 wrote to memory of 2920	2896	Redgine craked by jotaah.exe	30

C:\Users\Admin\AppData\Local\Temp\Redgine craked by jotaah.exe
"C:\Users\Admin\AppData\Local\Temp\Redgine craked by jotaah.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Users\Admin\AppData\Local\Temp\Redgine craked by jotaah.exe
  "C:\Users\Admin\AppData\Local\Temp\Redgine craked by jotaah.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2920

C:\Users\Admin\AppData\Local\Temp\_MEI28962\python311.dll

Filesize
1.6MB

MD5
1e76961ca11f929e4213fca8272d0194

SHA1
e52763b7ba970c3b14554065f8c2404112f53596

SHA256
8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0

SHA512
ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b

Download Submit
memory/2920-23-0x000007FEF5F60000-0x000007FEF654A000-memory.dmp

Filesize
5.9MB

Download
memory/2920-24-0x000007FEF5F60000-0x000007FEF654A000-memory.dmp

Filesize
5.9MB

Download