aa5b7367b2b86a3b6e6847a7b168d153e1267c84da8e60b7c9a92a5dfb504fe4

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-10-2024 15:24

Target

AMDupeExploit.exe
Size

17.0MB
MD5

d67b6fd7be094652214db99a7ecb05bd
SHA1

8f444caa0ca2fe7684d203692cd954bf13b53473
SHA256

a290a4596cfd35a9b95561fb9a95f292b2244005046e545020735ae850c98d6e
SHA512

b7a7b4baad87526a97000b1e0108985a2f332bff948c1bec6d2192d3be1de9768b171f842b255db60f7938b2e11aed55c1cf786187e23b2e78c3356454075076
SSDEEP

196608:0NV1rFuB6ylnlPzf+JiJCsmFMvcn6hVv9:TBRlnlPSa7mmvc+l

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2468	AMDupeExploit.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral3/files/0x00050000000191fd-21.dat	upx
behavioral3/memory/2468-23-0x000007FEF65C0000-0x000007FEF6BAA000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2468	2404	AMDupeExploit.exe	30
PID 2404 wrote to memory of 2468	2404	AMDupeExploit.exe	30
PID 2404 wrote to memory of 2468	2404	AMDupeExploit.exe	30

C:\Users\Admin\AppData\Local\Temp\AMDupeExploit.exe
"C:\Users\Admin\AppData\Local\Temp\AMDupeExploit.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Users\Admin\AppData\Local\Temp\AMDupeExploit.exe
  "C:\Users\Admin\AppData\Local\Temp\AMDupeExploit.exe"
  2⤵
  - Loads dropped DLL
  PID:2468

C:\Users\Admin\AppData\Local\Temp\_MEI24042\python311.dll

Filesize
1.6MB

MD5
1e76961ca11f929e4213fca8272d0194

SHA1
e52763b7ba970c3b14554065f8c2404112f53596

SHA256
8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0

SHA512
ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b

Download Submit
memory/2468-23-0x000007FEF65C0000-0x000007FEF6BAA000-memory.dmp

Filesize
5.9MB

Download