a3cf3e2f4e08aadefe6465bb9c19e30766375d778ffa0837a08ffbfd43d24fc3

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-10-2024 16:31

Target

C.WIN_Crack.exe
Size

7.6MB
MD5

44b04397f4917fd985d60e19ee7047ee
SHA1

36e33d3d15c9d1316769854db23e33e448797e0d
SHA256

a3cf3e2f4e08aadefe6465bb9c19e30766375d778ffa0837a08ffbfd43d24fc3
SHA512

2d2135ca7c53e7982c9cb99c0a9091cee8a0091e252918b4507d9ada601c9aae4a32fd20fee0ceb58b86cf76e50c866a794bb83242aac6e17d1aec0016aecdf6
SSDEEP

196608:5ttRjurErvI9pWjgaAnajMsK2CfQCS/OinHC1e:vtRjurEUWjJjYRoPhHYe

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2796	C.WIN_Crack.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0006000000016de0-21.dat	upx
behavioral1/memory/2796-23-0x000007FEF5460000-0x000007FEF5B25000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 2796	2892	C.WIN_Crack.exe	30
PID 2892 wrote to memory of 2796	2892	C.WIN_Crack.exe	30
PID 2892 wrote to memory of 2796	2892	C.WIN_Crack.exe	30

C:\Users\Admin\AppData\Local\Temp\C.WIN_Crack.exe
"C:\Users\Admin\AppData\Local\Temp\C.WIN_Crack.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Users\Admin\AppData\Local\Temp\C.WIN_Crack.exe
  "C:\Users\Admin\AppData\Local\Temp\C.WIN_Crack.exe"
  2⤵
  - Loads dropped DLL
  PID:2796

C:\Users\Admin\AppData\Local\Temp\_MEI28922\python312.dll

Filesize
1.7MB

MD5
fb8bedf8440eb432c9f3587b8114abc0

SHA1
136bb4dd38a7f6cb3e2613910607131c97674f7c

SHA256
cb627a3c89de8e114c95bda70e9e75c73310eb8af6cf3a937b1e3678c8f525b6

SHA512
b632235d5f60370efa23f8c50170a8ac569ba3705ec3d515efcad14009e0641649ab0f2139f06868024d929defffffefb352bd2516e8cd084e11557b31e95a63

Download Submit
memory/2796-23-0x000007FEF5460000-0x000007FEF5B25000-memory.dmp

Filesize
6.8MB

Download