45a46643891dcbb79127ad3d95969a975d5e409413fb9c3633491affc182f8f3

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
29-10-2024 14:23

Target

main.exe
Size

36.5MB
MD5

6f5cb1668158f94f78a0a4b61a3c206c
SHA1

e677d189b7a92f847d6e3f656d3bbb48633622a7
SHA256

45a46643891dcbb79127ad3d95969a975d5e409413fb9c3633491affc182f8f3
SHA512

9d82f1549a05844e886c8e112eea4466a5c754bf7e299feac7f1629e91a6923e3edb41762e5162eee2ea08ba8f27589e5bcf301d03ae332cc5037222edaac63c
SSDEEP

786432:s8MdYj/rmTVKqB2cYrlyaBa5/X3QSPTvoIkQr7PniKN6:3jiTkrlyzX3QSPZDrWK0

Score

7^/10

upx

pid	process
2756	main.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI27122\python310.dll	upx
behavioral1/memory/2756-14-0x000007FEF5C20000-0x000007FEF6086000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

main.exe

description	pid	process	target process
PID 2712 wrote to memory of 2756	2712	main.exe	main.exe
PID 2712 wrote to memory of 2756	2712	main.exe	main.exe
PID 2712 wrote to memory of 2756	2712	main.exe	main.exe

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Users\Admin\AppData\Local\Temp\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Loads dropped DLL
  PID:2756

C:\Users\Admin\AppData\Local\Temp\_MEI27122\python310.dll

Filesize
1.4MB

MD5
4a6afa2200b1918c413d511c5a3c041c

SHA1
39ca3c2b669adac07d4a5eb1b3b79256cfe0c3b3

SHA256
bec187f608507b57cf0475971ba646b8ab42288af8fdcf78bce25f1d8c84b1da

SHA512
dbffb06ffff0542200344ea9863a44a6f1e1b783379e53df18580e697e8204d3911e091deb32a9c94b5599cdd54301b705b74e1f51104151cf13b89d57280a20

Download Submit
memory/2756-14-0x000007FEF5C20000-0x000007FEF6086000-memory.dmp

Filesize
4.4MB

Download