ca131c76cc3c4693216823e5f8cd4814b70907f5a6193e8eb058f675de8a111a

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01-11-2024 20:21

Target

Volcanoids.exe
Size

7.9MB
MD5

0bea6a6b20390b014815e7e3d9e7ef5c
SHA1

e5bda52494385f73641b1b7f16139c09b141f2ef
SHA256

ca131c76cc3c4693216823e5f8cd4814b70907f5a6193e8eb058f675de8a111a
SHA512

7a6f46665e523a5cc9392e477ffadcb47aa5e1c3a96a619c857454b5301438fde2bb54e281407f05c28e47c63983c7e00ccea3d0b64e80ef4785e424ac435e46
SSDEEP

196608:i+HYQ+3wfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jJ:QcIHziK1piXLGVE4Ue0VJN

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2720	Volcanoids.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001948d-22.dat	upx
behavioral1/memory/2720-24-0x000007FEF5B80000-0x000007FEF61E3000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2720	1724	Volcanoids.exe	31
PID 1724 wrote to memory of 2720	1724	Volcanoids.exe	31
PID 1724 wrote to memory of 2720	1724	Volcanoids.exe	31

C:\Users\Admin\AppData\Local\Temp\Volcanoids.exe
"C:\Users\Admin\AppData\Local\Temp\Volcanoids.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Users\Admin\AppData\Local\Temp\Volcanoids.exe
  "C:\Users\Admin\AppData\Local\Temp\Volcanoids.exe"
  2⤵
  - Loads dropped DLL
  PID:2720

C:\Users\Admin\AppData\Local\Temp\_MEI17242\python313.dll

Filesize
1.8MB

MD5
6ef5d2f77064df6f2f47af7ee4d44f0f

SHA1
0003946454b107874aa31839d41edcda1c77b0af

SHA256
ab7c640f044d2eb7f4f0a4dfe5e719dfd9e5fcd769943233f5cece436870e367

SHA512
1662cc02635d63b8114b41d11ec30a2af4b0b60209196aac937c2a608588fee47c6e93163ea6bf958246c32759ac5c82a712ea3d690e796e2070ac0ff9104266

Download Submit
memory/2720-24-0x000007FEF5B80000-0x000007FEF61E3000-memory.dmp

Filesize
6.4MB

Download
memory/2720-46-0x000007FEF5B80000-0x000007FEF61E3000-memory.dmp

Filesize
6.4MB

Download