4134b245f9ba38dc81310242f42f8f8fc9b42865714d47f71cd87d5990a5ebc0

Resubmissions

28-10-2024 18:17

28-10-2024 17:33

max time kernel
122s
max time network
134s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-10-2024 18:17

Target

AutoDiscorder.exe
Size

80.7MB
MD5

2941d21bc6e92c5104952271e4aa3210
SHA1

4147deee44f28ce68fd31e6585271f31adb3667b
SHA256

c696bc5fe1503ac12820871081779df6aa799511277e52635575dc11ec31d841
SHA512

4a7c55e08d5c1f08c6f8225d0d3970f2b6b6c2f062508cca449c5e51709de55115e59452b6028c764e3dde6eb12676082818f17d51541f28a8d6461a5d62dcbc
SSDEEP

1572864:xXGKlqWLH00hSk8IpG7V+VPhqclE7plifiYgj+h58sMwVerlFGp0cJ5j:wKMmNSkB05awcIwB5Zeru7j

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1252	AutoDiscorder.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral3/files/0x0003000000020abe-1264.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 1252	2492	AutoDiscorder.exe	31
PID 2492 wrote to memory of 1252	2492	AutoDiscorder.exe	31
PID 2492 wrote to memory of 1252	2492	AutoDiscorder.exe	31

C:\Users\Admin\AppData\Local\Temp\AutoDiscorder.exe
"C:\Users\Admin\AppData\Local\Temp\AutoDiscorder.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Users\Admin\AppData\Local\Temp\AutoDiscorder.exe
  "C:\Users\Admin\AppData\Local\Temp\AutoDiscorder.exe"
  2⤵
  - Loads dropped DLL
  PID:1252

C:\Users\Admin\AppData\Local\Temp\_MEI24922\python311.dll

Filesize
1.6MB

MD5
546cc5fe76abc35fdbf92f682124e23d

SHA1
5c1030752d32aa067b49125194befee7b3ee985a

SHA256
43bff2416ddd123dfb15d23dc3e99585646e8df95633333c56d85545029d1e76

SHA512
cb75334f2f36812f3a5efd500b2ad97c21033a7a7054220e58550e95c3408db122997fee70a319aef8db6189781a9f2c00a9c19713a89356038b87b036456720

Download Submit
memory/1252-1266-0x000007FEF5FE0000-0x000007FEF65C9000-memory.dmp

Filesize
5.9MB

Download