609741c0ed4e7c4eb4182f861b1d58136720313a6e399bdba10feca87e13d209

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
27-10-2024 18:32

Target

sef.exe
Size

12.2MB
MD5

0715f24b40570cc14aa83d5bf0370561
SHA1

a93bff8229cfe9d168203a881085ae217fb9c564
SHA256

609741c0ed4e7c4eb4182f861b1d58136720313a6e399bdba10feca87e13d209
SHA512

eb6a050ccf862b551bdc8b279a0849b96a636c3861beea599936b3dd07134a1767904232dca8ee9a145b5487d8747a25e7372e763ed4d9e7c1342353f138c166
SSDEEP

393216:rKjS/sjgIZRiK1piXLGVELsRjXnsgyYdZdo:rmbfDiXHQRzddo

Score

7^/10

upx

pid	process
2916	sef.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI15282\python313.dll	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

sef.exe

description	pid	process	target process
PID 1528 wrote to memory of 2916	1528	sef.exe	sef.exe
PID 1528 wrote to memory of 2916	1528	sef.exe	sef.exe
PID 1528 wrote to memory of 2916	1528	sef.exe	sef.exe

C:\Users\Admin\AppData\Local\Temp\sef.exe
"C:\Users\Admin\AppData\Local\Temp\sef.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Users\Admin\AppData\Local\Temp\sef.exe
  "C:\Users\Admin\AppData\Local\Temp\sef.exe"
  2⤵
  - Loads dropped DLL
  PID:2916

C:\Users\Admin\AppData\Local\Temp\_MEI15282\python313.dll

Filesize
1.8MB

MD5
d8064129e98609f661abbed76e1a3a90

SHA1
10c8e18616bd3012045e9a0f349add4e4e8e8db4

SHA256
dea683826da43766b4902881d5e5924c181d69d35238df654e230070695d5ca4

SHA512
06e51dac672a4897026c65920eb4e3f119b4b2935ee525b07f1f1de0e2975e9d101ea913d75e479f29f09bb1b510f89b46d879abbc14035e877a3f5b4b69abd3

Download Submit
memory/2916-47-0x000007FEF5480000-0x000007FEF5AE3000-memory.dmp

Filesize
6.4MB

Download