cee68a6283a15f03da36387a828e21d1e0c2118362e16aa0a4434a4d8ae173d5

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/11/2024, 17:52 UTC

Target

Setup.exe
Size

80.0MB
MD5

fd2819916f72c31cfe90bf0a4813b675
SHA1

e425bfe12015c2680583dd7d6741e9c8ffa832d0
SHA256

cee68a6283a15f03da36387a828e21d1e0c2118362e16aa0a4434a4d8ae173d5
SHA512

7294f27066bc52a82f40e4c15da5b24497de8c3b16f44e1b2170659f6658483aa395f91d2899aa923900fe2e9f0fec9742007be64c0459a19cbab69058f77850
SSDEEP

1572864:LGKlEWpO0hSk8IpG7V+VPhqYdf3xTivfSl6li0T5TPxfTcrb5try0mDXo4V:SKewbSkB05awcf3xen+6wKy5tryXXo0

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2004	Setup.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020abc-1257.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2004	1728	Setup.exe	31
PID 1728 wrote to memory of 2004	1728	Setup.exe	31
PID 1728 wrote to memory of 2004	1728	Setup.exe	31

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Users\Admin\AppData\Local\Temp\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  2⤵
  - Loads dropped DLL
  PID:2004

C:\Users\Admin\AppData\Local\Temp\_MEI17282\python311.dll

Filesize
1.6MB

MD5
548809b87186356c7ac6421562015915

SHA1
8fa683eed7f916302c2eb1a548c12118bea414fa

SHA256
6c65da37cf6464507ad9d187a34f5b5d61544b83d831547642d17c01852599a1

SHA512
c0b63bf9908e23457cf6c2551219c7951bc1a164f3a585cde750b244fa628753ee43fde35f2aa76223fd9f90cf5ea582241ab510f7373a247eae0b26817198fc

Download Submit
memory/2004-1259-0x000007FEF63C0000-0x000007FEF69B2000-memory.dmp

Filesize
5.9MB

Download