dfe28651a1e845e1323ed61067065be56a9eb3244ec76f1a013c018c2515f4aa

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-10-2024 02:01

Target

456.exe
Size

50.0MB
MD5

3bb811b851c4ea7b12be70fd1a47b2a2
SHA1

d8e6c24f5f5e06dbb15dfcdb548354807c349d50
SHA256

dfe28651a1e845e1323ed61067065be56a9eb3244ec76f1a013c018c2515f4aa
SHA512

d49d2ba89a191d3eaffbf2c42780790f8e4f0c854fdfffd99e6028de192eccbd2dd63b1ed17d86a61cb69df1c8149e3d1b61c5d1644e0787e1ed61709386f76e
SSDEEP

98304:r2frAEHhCgAi65sn6Wfz7pnxCb3AtZC0VZHtKpbzL8SG2XATHSm9ok6n9YbsHQ:rCrAESDOYbwtZVZibPpG2QrSso5nGsw

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
944	456.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0006000000018c44-21.dat	upx
behavioral1/memory/944-23-0x000007FEF5D20000-0x000007FEF618E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 944	2112	456.exe	30
PID 2112 wrote to memory of 944	2112	456.exe	30
PID 2112 wrote to memory of 944	2112	456.exe	30

C:\Users\Admin\AppData\Local\Temp\456.exe
"C:\Users\Admin\AppData\Local\Temp\456.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Users\Admin\AppData\Local\Temp\456.exe
  "C:\Users\Admin\AppData\Local\Temp\456.exe"
  2⤵
  - Loads dropped DLL
  PID:944

C:\Users\Admin\AppData\Local\Temp\_MEI21122\python310.dll

Filesize
1.4MB

MD5
76cb307e13fbbfb9e466458300da9052

SHA1
577f0029ac8c2dd64d6602917b7a26bcc2b27d2b

SHA256
95066c06d9ed165f0b6f34079ed917df1111bd681991f96952d9ee35d37dc615

SHA512
f15b17215057433d88f1a8e05c723a480b4f8bc56d42185c67bb29a192f435f54345aa0f6d827bd291e53c46a950f2e01151c28b084b7478044bd44009eced8f

Download Submit
memory/944-23-0x000007FEF5D20000-0x000007FEF618E000-memory.dmp

Filesize
4.4MB

Download