11ba97f6d0c8491d14372948dbac71c5a7b24d4f492b9ec1b5afde5c3d5473b7

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-10-2024 01:03

Target

autoupts.exe
Size

7.5MB
MD5

08d3f972602755f9941054edc2b97d96
SHA1

7a0b77b41e241d4c70d9e7a74bd7da10bdddeb58
SHA256

9efb448ed0cc9519bd5b954444261f5af7d1d148bcc4059a9b1cb82382c80206
SHA512

dbf2a57f4e3376093a84c0f05dab3b867ceb61a5b0ef83283f3ccba499219c15e89754afd1b50f47b5377db47fb168f3d9ac74afbec5987386828d4e37624930
SSDEEP

196608:Iw8PENLjv+bhqNVoB0SEsucQZ41JBbIr11ms:t8PmL+9qz80SJHQK1JG1Ys

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2676	autoupts.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00050000000186ee-22.dat	upx
behavioral1/memory/2676-24-0x000007FEF5870000-0x000007FEF5E5E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2676	2664	autoupts.exe	31
PID 2664 wrote to memory of 2676	2664	autoupts.exe	31
PID 2664 wrote to memory of 2676	2664	autoupts.exe	31

C:\Users\Admin\AppData\Local\Temp\autoupts.exe
"C:\Users\Admin\AppData\Local\Temp\autoupts.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Users\Admin\AppData\Local\Temp\autoupts.exe
  "C:\Users\Admin\AppData\Local\Temp\autoupts.exe"
  2⤵
  - Loads dropped DLL
  PID:2676

C:\Users\Admin\AppData\Local\Temp\_MEI26642\python311.dll

Filesize
1.6MB

MD5
76eb1ad615ba6600ce747bf1acde6679

SHA1
d3e1318077217372653be3947635b93df68156a4

SHA256
30be871735591ad96bc3fc7e541cdef474366159c2f7443feb30739cbd2db7e1

SHA512
2b960e74dd73f61d6a44fef0de9f2d50bcf2ec856b7aa5b97f0107e3cdadea461790760668a67db2ecaf71ff323133ee39ce2b38aafff3629c14e736d6a64aeb

Download Submit
memory/2676-24-0x000007FEF5870000-0x000007FEF5E5E000-memory.dmp

Filesize
5.9MB

Download