bc62a9ab052e0895e87288dbd8332b1ff6e556d180ba2fdf7e437c053077f7b2

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21-10-2024 04:54

Target

legitwareloader/legitware/legitwareloader.exe
Size

9.0MB
MD5

57d2bd9e3c05063c8bfd7258acd08675
SHA1

2ea7bad1cf34c8e9d9eb6d1b646d487fe60c70f0
SHA256

825e6f22b79530f2185528db6fbb56fecd2c82148186cbd15481f09a86bbfcd9
SHA512

e434573785d2ac57891dd72ee1244268b079fea31aa699e4b4351d6b7a72d76528bdbf76cf9d655f414f8673b5474e102775eee0ee2a83a7d25daa8d1dc7ddc0
SSDEEP

98304:2fCkwN+MdA5wqSnWN6t8MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DovaDJ1n6hT:2KV1vQB6ylnlPzf+JiJCsmFMvln6hqgj

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2376	legitwareloader.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000018708-21.dat	upx
behavioral1/memory/2376-23-0x000007FEF64E0000-0x000007FEF6ACA000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2376	2024	legitwareloader.exe	30
PID 2024 wrote to memory of 2376	2024	legitwareloader.exe	30
PID 2024 wrote to memory of 2376	2024	legitwareloader.exe	30

C:\Users\Admin\AppData\Local\Temp\legitwareloader\legitware\legitwareloader.exe
"C:\Users\Admin\AppData\Local\Temp\legitwareloader\legitware\legitwareloader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Users\Admin\AppData\Local\Temp\legitwareloader\legitware\legitwareloader.exe
  "C:\Users\Admin\AppData\Local\Temp\legitwareloader\legitware\legitwareloader.exe"
  2⤵
  - Loads dropped DLL
  PID:2376

C:\Users\Admin\AppData\Local\Temp\_MEI20242\python311.dll

Filesize
1.6MB

MD5
1e76961ca11f929e4213fca8272d0194

SHA1
e52763b7ba970c3b14554065f8c2404112f53596

SHA256
8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0

SHA512
ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b

Download Submit
memory/2376-23-0x000007FEF64E0000-0x000007FEF6ACA000-memory.dmp

Filesize
5.9MB

Download