17a1a20884741269ebf3bc8e594192d7a71550ff2db2e95d955f90a57e09a238

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-11-2024 22:22

Target

ElectronV3/ElectronV3.exe
Size

9.9MB
MD5

fb378cce904aa88ef75e6b3e23d3570c
SHA1

fb0e5807e9f585d6a366b983aecedd33e4db5e1d
SHA256

7ccdd35fed305775ea2ce064c5358aaabc386db052d8d35ada9e49ccc2c779c5
SHA512

3ca77a7a3d6df9f17577344f1d35a67dd5800a9edac6d45d2a88801ebf913dcd6491c788045d82cce18c45a9885de88f36c2483805e445ba065f8157c8f1b31b
SSDEEP

196608:91Rpe1xh0/TLx4hz7DIxygRHvUWvothxjno/w3iFCxHQbRpXI2rWxU0:324TGz7kFRHdqxro/w3uCxHQb9WxH

Score

7^/10

upx

Loads dropped DLL 1 IoCs

Processes:

ElectronV3.exe

pid process

2864 ElectronV3.exe

pid	process
2864	ElectronV3.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI17322\python310.dll	upx
behavioral1/memory/2864-49-0x000007FEF6150000-0x000007FEF65B5000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

ElectronV3.exe

description	pid	process	target process
PID 1732 wrote to memory of 2864	1732	ElectronV3.exe	ElectronV3.exe
PID 1732 wrote to memory of 2864	1732	ElectronV3.exe	ElectronV3.exe
PID 1732 wrote to memory of 2864	1732	ElectronV3.exe	ElectronV3.exe

C:\Users\Admin\AppData\Local\Temp\ElectronV3\ElectronV3.exe
"C:\Users\Admin\AppData\Local\Temp\ElectronV3\ElectronV3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Users\Admin\AppData\Local\Temp\ElectronV3\ElectronV3.exe
  "C:\Users\Admin\AppData\Local\Temp\ElectronV3\ElectronV3.exe"
  2⤵
  - Loads dropped DLL
  PID:2864

C:\Users\Admin\AppData\Local\Temp\_MEI17322\python310.dll

Filesize
1.4MB

MD5
90d5b8ba675bbb23f01048712813c746

SHA1
f2906160f9fc2fa719fea7d37e145156742ea8a7

SHA256
3a7d497d779ff13082835834a1512b0c11185dd499ab86be830858e7f8aaeb3e

SHA512
872c2bf56c3fe180d9b4fb835a92e1dc188822e9d9183aab34b305408bb82fba1ead04711e8ad2bef1534e86cd49f2445d728851206d7899c1a7a83e5a62058e

Download Submit
memory/2864-49-0x000007FEF6150000-0x000007FEF65B5000-memory.dmp

Filesize
4.4MB

Download