55507d003633f3c4db747807e01c4347a07b86c3dbb19628a0d835983ebb96f0

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-10-2024 19:37

Target

Order.exe
Size

9.5MB
MD5

4ce14595cf4f1c9bed8a8c99585cba2b
SHA1

7e6ffd080f6b486db730a28a10fc9ca55135ded6
SHA256

55507d003633f3c4db747807e01c4347a07b86c3dbb19628a0d835983ebb96f0
SHA512

df9a0c982d8491bdf64e443fc72e722ec96aab653e43b6e7a44078e8fec4d6da1b777156d225d31da69b4e34ed75fd01b30f504e86cc3aaf145374463ecbd8c1
SSDEEP

196608:0nosmNYCSwLRXgWPmpzdhqipHUeNrMx+yAiWfRqHpdorwDfhD44+y:/sIr5L1V8dNLra7QfR6pNpn+

Score

7^/10

upx

Loads dropped DLL 1 IoCs

Processes:

Order.exe

pid	Process
2788	Order.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/files/0x0005000000019426-41.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Order.exe

description	pid	Process	procid_target
PID 2448 wrote to memory of 2788	2448	Order.exe	31
PID 2448 wrote to memory of 2788	2448	Order.exe	31
PID 2448 wrote to memory of 2788	2448	Order.exe	31

C:\Users\Admin\AppData\Local\Temp\Order.exe
"C:\Users\Admin\AppData\Local\Temp\Order.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Users\Admin\AppData\Local\Temp\Order.exe
  "C:\Users\Admin\AppData\Local\Temp\Order.exe"
  2⤵
  - Loads dropped DLL
  PID:2788

C:\Users\Admin\AppData\Local\Temp\_MEI24482\python310.dll

Filesize
1.5MB

MD5
943cccf0765fcf56c27d6fa3cfed2498

SHA1
cfdc1e21e30d166fa9e158c2c1605624661176ce

SHA256
44a795c113dc61253e980eb73bcd89b4f89da13a762046dda7fc7805c16b588f

SHA512
606d3320ea4c5fc83e25ab3a3a64c2aa472b9a6014993c8e1c7f9e6d4fc9ee9694843c55692fc201cff11fb7c05a94682a57389bd45c235cd7b9d9f22b65f297

Download Submit
memory/2788-43-0x000007FEF5B70000-0x000007FEF5FDF000-memory.dmp

Filesize
4.4MB

Download