6bafdb1ed8770dc2aa1f5c4065608efd579852f315fd26ee1a147e7be4791443

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-10-2024 15:40

Target

sp00ferbynz.exe
Size

7.4MB
MD5

40b884fff18892ac99fcd1d0f01a01ff
SHA1

7e538a902b3db7276fb3bae259c0b6751f52c080
SHA256

6bafdb1ed8770dc2aa1f5c4065608efd579852f315fd26ee1a147e7be4791443
SHA512

4e07b2593e331b01205bd2c35a4acce793e7c5a31007847c335346ebb22d3da1548994e26f122392ede9c2e702fa7fb552e693580703a2ad927d59c4fef7e608
SSDEEP

196608:q3YShEvUOshoKMuIkhVastRL5Di3uV1DVA:aYSy8OshouIkPftRL54u3A

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2352	sp00ferbynz.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019d3d-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2352	2208	sp00ferbynz.exe	31
PID 2208 wrote to memory of 2352	2208	sp00ferbynz.exe	31
PID 2208 wrote to memory of 2352	2208	sp00ferbynz.exe	31

C:\Users\Admin\AppData\Local\Temp\sp00ferbynz.exe
"C:\Users\Admin\AppData\Local\Temp\sp00ferbynz.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Users\Admin\AppData\Local\Temp\sp00ferbynz.exe
  "C:\Users\Admin\AppData\Local\Temp\sp00ferbynz.exe"
  2⤵
  - Loads dropped DLL
  PID:2352

C:\Users\Admin\AppData\Local\Temp\_MEI22082\python311.dll

Filesize
1.6MB

MD5
5f6fd64ec2d7d73ae49c34dd12cedb23

SHA1
c6e0385a868f3153a6e8879527749db52dce4125

SHA256
ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967

SHA512
c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab

Download Submit
memory/2352-23-0x000007FEF57E0000-0x000007FEF5DC9000-memory.dmp

Filesize
5.9MB

Download