fb2acb529ea59742777f6a2f4b9e4350ca46e05c33918032a24cb0deb4a780a2

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10-11-2024 08:42

Target

fb2acb529ea59742777f6a2f4b9e4350ca46e05c33918032a24cb0deb4a780a2.exe
Size

7.0MB
MD5

d40b9b0955f64367b336cffed79961d1
SHA1

9003fed4306ae89e79c4893ab271b0ed5c15e4fe
SHA256

fb2acb529ea59742777f6a2f4b9e4350ca46e05c33918032a24cb0deb4a780a2
SHA512

048f1773ac4fdc2a95b4a1b9f21c741782bc31a016d3b4e82a327c5f66b749186e63506bb0efbb4d6b39231ed0278e90dd5e05ba203aef5fef35ce40c83e60d8
SSDEEP

196608:SeVhMYpwfI9j2i4H1qSiXLGVi7DnStHuQJTMRRccx:JVOIEiK1piXLGVEutHbJTe

Score

7^/10

upx

Loads dropped DLL 2 IoCs

Processes:

fb2acb529ea59742777f6a2f4b9e4350ca46e05c33918032a24cb0deb4a780a2.exe

pid	Process
1784	fb2acb529ea59742777f6a2f4b9e4350ca46e05c33918032a24cb0deb4a780a2.exe
1784	fb2acb529ea59742777f6a2f4b9e4350ca46e05c33918032a24cb0deb4a780a2.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/files/0x000500000001a454-54.dat	upx
behavioral1/memory/1784-56-0x000007FEF61F0000-0x000007FEF6853000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

fb2acb529ea59742777f6a2f4b9e4350ca46e05c33918032a24cb0deb4a780a2.exe

description	pid	Process	procid_target
PID 1476 wrote to memory of 1784	1476	fb2acb529ea59742777f6a2f4b9e4350ca46e05c33918032a24cb0deb4a780a2.exe	30
PID 1476 wrote to memory of 1784	1476	fb2acb529ea59742777f6a2f4b9e4350ca46e05c33918032a24cb0deb4a780a2.exe	30
PID 1476 wrote to memory of 1784	1476	fb2acb529ea59742777f6a2f4b9e4350ca46e05c33918032a24cb0deb4a780a2.exe	30

C:\Users\Admin\AppData\Local\Temp\fb2acb529ea59742777f6a2f4b9e4350ca46e05c33918032a24cb0deb4a780a2.exe
"C:\Users\Admin\AppData\Local\Temp\fb2acb529ea59742777f6a2f4b9e4350ca46e05c33918032a24cb0deb4a780a2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Users\Admin\AppData\Local\Temp\fb2acb529ea59742777f6a2f4b9e4350ca46e05c33918032a24cb0deb4a780a2.exe
  "C:\Users\Admin\AppData\Local\Temp\fb2acb529ea59742777f6a2f4b9e4350ca46e05c33918032a24cb0deb4a780a2.exe"
  2⤵
  - Loads dropped DLL
  PID:1784

C:\Users\Admin\AppData\Local\Temp\_MEI14762\python313.dll

Filesize
1.8MB

MD5
964b6cf2652c6b6b6c60341ec734c7bd

SHA1
5be70b89c02db4d8f8f6cb7bd12e8dbf29bd891d

SHA256
062a7f0caf781233207bcbfeee47e0ed367f408baf5e1463ffd1c1f9014a781c

SHA512
735d6b1a3ec09cb09259a6f9161851be4b06854882a94a79c8141e7a7bbf938bc58d9f46c82171cbc3237ff9e1067a347588d674261c1d621755afa8fbb9f3d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14762\ucrtbase.dll

Filesize
1.3MB

MD5
51ba3b7ad9752d4c01a8c3ee66877f7f

SHA1
c46e48ae32c9ad383837857a8285031d85445ed8

SHA256
c43e5b334a71341c639912ed40bd0029edc283d96a36958f4b33d1c010fe04bc

SHA512
2d0bfb6ed37521cdb0c1af9d27a98e6d62a60920a6562692a709dce2b13a9a9b770be56938411d4989a1ae101828e6a5fd5b1513af7cdcf858c44a97a2932933

Download Submit
memory/1784-56-0x000007FEF61F0000-0x000007FEF6853000-memory.dmp

Filesize
6.4MB

Download