9247039186ec01688d19be3ade8e18fa086301145b7c00cc24465147764c63b8

Analysis

max time kernel
12s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-10-2024 09:52

Target

CBLines.exe
Size

6.8MB
MD5

70712fd782102184f1a6afea1c51a2cf
SHA1

b2fd8b126ab9cc8174dda5e7c570a08a6dc5e61c
SHA256

9247039186ec01688d19be3ade8e18fa086301145b7c00cc24465147764c63b8
SHA512

3a6555110a2424bcd52ffc80818418136349c69a0b54cd0fd0d84096cbf31e77ac446498a9bc7e966aecf2cec167fe0dc4e129217dde13a79a62881de8dbc1dc
SSDEEP

98304:spkwN+MdA5wqMx+U8MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DoDZDJ1n6hBnLA:spV1wB6ylnlPzf+JiJCsmFMvcn6hVvk

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2944	CBLines.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019d61-21.dat	upx
behavioral1/memory/2944-23-0x000007FEF6200000-0x000007FEF67EA000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2944	2124	CBLines.exe	29
PID 2124 wrote to memory of 2944	2124	CBLines.exe	29
PID 2124 wrote to memory of 2944	2124	CBLines.exe	29

C:\Users\Admin\AppData\Local\Temp\CBLines.exe
"C:\Users\Admin\AppData\Local\Temp\CBLines.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Users\Admin\AppData\Local\Temp\CBLines.exe
  "C:\Users\Admin\AppData\Local\Temp\CBLines.exe"
  2⤵
  - Loads dropped DLL
  PID:2944

C:\Users\Admin\AppData\Local\Temp\_MEI21242\python311.dll

Filesize
1.6MB

MD5
1e76961ca11f929e4213fca8272d0194

SHA1
e52763b7ba970c3b14554065f8c2404112f53596

SHA256
8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0

SHA512
ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b

Download Submit
memory/2944-23-0x000007FEF6200000-0x000007FEF67EA000-memory.dmp

Filesize
5.9MB

Download