c73750dac1a808fcd97235eb7f63a5ff7b2bc4ec0d3194392ab05f3f2a93cd81

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23-10-2024 15:29

Target

FN.PRIV.exe
Size

7.4MB
MD5

c947e8c44f6f7f4e81f13e4ee7ce0e38
SHA1

f3bc6d5760f07caf6e50a19d866ecb3af0a9abe4
SHA256

c73750dac1a808fcd97235eb7f63a5ff7b2bc4ec0d3194392ab05f3f2a93cd81
SHA512

dcd3111af723df57f87b225094da7c1316c14f12daeb8b10565858afb912f4c23438cbfaae149801eb520554d81fbc4921bffacd812835015dcf217728c716ad
SSDEEP

196608:ko8P8Ljv+bhqNVoB0SEsucQZ41JBbIEs1Lr:f8PsL+9qz80SJHQK1J9shr

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2380	FN.PRIV.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00060000000174f7-21.dat	upx
behavioral1/memory/2380-23-0x000007FEF5F90000-0x000007FEF657E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2380	2356	FN.PRIV.exe	30
PID 2356 wrote to memory of 2380	2356	FN.PRIV.exe	30
PID 2356 wrote to memory of 2380	2356	FN.PRIV.exe	30

C:\Users\Admin\AppData\Local\Temp\FN.PRIV.exe
"C:\Users\Admin\AppData\Local\Temp\FN.PRIV.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Users\Admin\AppData\Local\Temp\FN.PRIV.exe
  "C:\Users\Admin\AppData\Local\Temp\FN.PRIV.exe"
  2⤵
  - Loads dropped DLL
  PID:2380

C:\Users\Admin\AppData\Local\Temp\_MEI23562\python311.dll

Filesize
1.6MB

MD5
76eb1ad615ba6600ce747bf1acde6679

SHA1
d3e1318077217372653be3947635b93df68156a4

SHA256
30be871735591ad96bc3fc7e541cdef474366159c2f7443feb30739cbd2db7e1

SHA512
2b960e74dd73f61d6a44fef0de9f2d50bcf2ec856b7aa5b97f0107e3cdadea461790760668a67db2ecaf71ff323133ee39ce2b38aafff3629c14e736d6a64aeb

Download Submit
memory/2380-23-0x000007FEF5F90000-0x000007FEF657E000-memory.dmp

Filesize
5.9MB

Download