b3ce55c72f4e23252235f9698bd6078880ceaca310ba16ee859a5a2d6cc39a92

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-10-2024 06:44

Target

cmd.exe
Size

6.8MB
MD5

8195a06ffd3a0423e0698dd4d06a0cb9
SHA1

afc80695865beea92f665cf1d8b33ebae71f40ac
SHA256

b3ce55c72f4e23252235f9698bd6078880ceaca310ba16ee859a5a2d6cc39a92
SHA512

69ad1591ca03e9ef764a592a2b21919a60fea0e08e3a11ed3c38f8cf9d065b3d44dddc268186fc1a783339d019559937bb8de97c2ac9f99ee75107a372f3f4a1
SSDEEP

98304:YkkwN+MdA5wqMk98MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DoDZDJ1n6hBnLnx:YkV15B6ylnlPzf+JiJCsmFMvcn6hVvl

Score

7^/10

upx

pid	process
2256	cmd.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI20602\python311.dll	upx
behavioral1/memory/2256-23-0x000007FEF6130000-0x000007FEF671A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 2060 wrote to memory of 2256	2060	cmd.exe	cmd.exe
PID 2060 wrote to memory of 2256	2060	cmd.exe	cmd.exe
PID 2060 wrote to memory of 2256	2060	cmd.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\cmd.exe
"C:\Users\Admin\AppData\Local\Temp\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2060

C:\Users\Admin\AppData\Local\Temp\cmd.exe
"C:\Users\Admin\AppData\Local\Temp\cmd.exe"
2⤵
- Loads dropped DLL
PID:2256

C:\Users\Admin\AppData\Local\Temp\_MEI20602\python311.dll

Filesize
1.6MB

MD5
1e76961ca11f929e4213fca8272d0194

SHA1
e52763b7ba970c3b14554065f8c2404112f53596

SHA256
8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0

SHA512
ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b

Download Submit
memory/2256-23-0x000007FEF6130000-0x000007FEF671A000-memory.dmp

Filesize
5.9MB

Download