0cf7211f99b8aab9d62160266425b6413b4f5050778bbbfcdd916fb1fd57d0d2

Analysis

max time kernel
32s
max time network
34s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
10-11-2024 04:28

Target

loader.exe
Size

6.8MB
MD5

778d19faa6797d8b17178812eb873638
SHA1

de7c7c2ff3be333a7ee22e7c1cf544a33c3e50a6
SHA256

46e84b940d02fd62aec006e80b56b52e5cddc86c28e16d959b4837d8b1e1f883
SHA512

db8a06e04c2642c2c5cceddb0adb8c0d131b7867b68bcc5a7625f7cdf74bcdaa298d1bf6f83d341255439eee3d1fbd4edd1a7cc6508f3929e1d44d34783b5d61
SSDEEP

98304:CgkwN+MdA5wqMr4o8MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DoaZDJ1n6hBnLq:CgV1gB6ylnlPzf+JiJCsmFMvNn6hVv+

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2832	loader.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019c57-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 2832	1856	loader.exe	30
PID 1856 wrote to memory of 2832	1856	loader.exe	30
PID 1856 wrote to memory of 2832	1856	loader.exe	30

C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Users\Admin\AppData\Local\Temp\loader.exe
  "C:\Users\Admin\AppData\Local\Temp\loader.exe"
  2⤵
  - Loads dropped DLL
  PID:2832

C:\Users\Admin\AppData\Local\Temp\_MEI18562\python311.dll

Filesize
1.6MB

MD5
1e76961ca11f929e4213fca8272d0194

SHA1
e52763b7ba970c3b14554065f8c2404112f53596

SHA256
8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0

SHA512
ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b

Download Submit
memory/2832-23-0x000007FEF67C0000-0x000007FEF6DAA000-memory.dmp

Filesize
5.9MB

Download