a6f7f3c423b90ec1d55a30f9192569fb4dc04415afb37086782ac69fe3607c48

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-10-2024 19:50

Target

WaveGeneratorApp.exe
Size

11.4MB
MD5

3c49a0acaaba6dae67f5c8e83990427a
SHA1

d8c40452b6d66e5f066fba6e07465e91fdfabf8e
SHA256

453095bb53ea993d8e3b11eaab560c83cee434dbb93e1268ed68be99f5d64152
SHA512

e3531e915589543c7d167e3acd5cceb644a253e2842d5f70de9fcd6613483d848244d247ccbd8997a58e34cbe3ed20cc313476d5dfac6c127ebbb225876031f5
SSDEEP

196608:EShGreGJb3tQk5tSOshoKMuIkhVAastRL5DicJUGc1K7kC8Gx:HhGL7v5tSOshouIkPAftRL5dYY8Gx

Score

7^/10

upx

Loads dropped DLL 1 IoCs

Processes:

WaveGeneratorApp.exe

pid process

2848 WaveGeneratorApp.exe

pid	process
2848	WaveGeneratorApp.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI21002\python311.dll	upx
behavioral1/memory/2848-53-0x000007FEF63E0000-0x000007FEF69C9000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

WaveGeneratorApp.exe

description	pid	process	target process
PID 2100 wrote to memory of 2848	2100	WaveGeneratorApp.exe	WaveGeneratorApp.exe
PID 2100 wrote to memory of 2848	2100	WaveGeneratorApp.exe	WaveGeneratorApp.exe
PID 2100 wrote to memory of 2848	2100	WaveGeneratorApp.exe	WaveGeneratorApp.exe

C:\Users\Admin\AppData\Local\Temp\WaveGeneratorApp.exe
"C:\Users\Admin\AppData\Local\Temp\WaveGeneratorApp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Users\Admin\AppData\Local\Temp\WaveGeneratorApp.exe
  "C:\Users\Admin\AppData\Local\Temp\WaveGeneratorApp.exe"
  2⤵
  - Loads dropped DLL
  PID:2848

C:\Users\Admin\AppData\Local\Temp\_MEI21002\python311.dll

Filesize
1.6MB

MD5
c3de98791123bb12b315e2b4ce408d3b

SHA1
95c36944c9a4e8bb05a32e882835cac9c030c053

SHA256
98a51eca014369411df0980acbc16207d0de76c8adcd67fc27e1aa5e2f7731bb

SHA512
91651c0d5a1f55d296791aedb1594fe6b546dd16b7801af1ffa580486c99421f156ac86ccd5e22eacb7ad93fe8d3d909d50c9cc013e2618a29db8bf22183f9bc

Download Submit
memory/2848-53-0x000007FEF63E0000-0x000007FEF69C9000-memory.dmp

Filesize
5.9MB

Download