b56ac555080fda9f494617edd75cba91cb95efd116cfa20c596f33b88455373a

Analysis

max time kernel
12s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
09-11-2024 12:52

Target

TokenGen.exe
Size

17.7MB
MD5

07aedf7930906cdcadde1e5c7b1e22fa
SHA1

4224cdb22baf8c3d49eb9d66da97ea63de0acc45
SHA256

b56ac555080fda9f494617edd75cba91cb95efd116cfa20c596f33b88455373a
SHA512

cdb2eeed99420cb0395ec29933b87e72fd9d7aa2987f05a7e6d26af35df0a16f156ee860f85939e6610dd09d2c41cd943f74511c19a57123fa36176b23f50099
SSDEEP

393216:1qPnLFXlrjQpDOETgsvfGYgjepcvEGKNpWLh:sPLFXNjQoERmi1V6

Score

7^/10

upx

Loads dropped DLL 1 IoCs

Processes:

TokenGen.exe

pid process

2716 TokenGen.exe

pid	process
2716	TokenGen.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI23442\python310.dll	upx
behavioral1/memory/2716-114-0x000007FEF6010000-0x000007FEF647E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

TokenGen.exe

description	pid	process	target process
PID 2344 wrote to memory of 2716	2344	TokenGen.exe	TokenGen.exe
PID 2344 wrote to memory of 2716	2344	TokenGen.exe	TokenGen.exe
PID 2344 wrote to memory of 2716	2344	TokenGen.exe	TokenGen.exe

C:\Users\Admin\AppData\Local\Temp\TokenGen.exe
"C:\Users\Admin\AppData\Local\Temp\TokenGen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Users\Admin\AppData\Local\Temp\TokenGen.exe
  "C:\Users\Admin\AppData\Local\Temp\TokenGen.exe"
  2⤵
  - Loads dropped DLL
  PID:2716

C:\Users\Admin\AppData\Local\Temp\_MEI23442\python310.dll

Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
memory/2716-114-0x000007FEF6010000-0x000007FEF647E000-memory.dmp

Filesize
4.4MB

Download