57b4c42dcd7a89b22494a5283df8347e433acf801b25a24a4df0b0438c50f617

Analysis

max time kernel
361s
max time network
364s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15-11-2024 18:32

Target

Control.exe
Size

76.7MB
MD5

8595e8c0b9c5f3dc2d1443b3cd188ea8
SHA1

ff96b392dc31a92011357c1ab4ebd61e58a017cf
SHA256

57b4c42dcd7a89b22494a5283df8347e433acf801b25a24a4df0b0438c50f617
SHA512

de24d4eb35ea5989ddef35882bd04a72f5f4038cd7a1f4de5460205f3901cf6c2331176b6d485660ea8a8dc7323d1419b1af496a45c07870c8d094fdbd6d7f0f
SSDEEP

1572864:YvlxWf0hSk8IpG7V+VPhqYdIFE7+lhzmiYweyJulZUdgsh/0rLamCV37U:YvjnSkB05awcInLfpuIh8rWVo

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2148	Control.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020a96-1267.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2148	2296	Control.exe	28
PID 2296 wrote to memory of 2148	2296	Control.exe	28
PID 2296 wrote to memory of 2148	2296	Control.exe	28

C:\Users\Admin\AppData\Local\Temp\Control.exe
"C:\Users\Admin\AppData\Local\Temp\Control.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Users\Admin\AppData\Local\Temp\Control.exe
  "C:\Users\Admin\AppData\Local\Temp\Control.exe"
  2⤵
  - Loads dropped DLL
  PID:2148

C:\Users\Admin\AppData\Local\Temp\_MEI22962\python312.dll

Filesize
1.7MB

MD5
ca67f0baf3cc3b7dbb545cda57ba3d81

SHA1
5b4e36aef877307af8a8f78f3054d068d1a9ce89

SHA256
f804ed205e82003da6021ee6d2270733ca00992816e7e89ba13617c96dd0fba3

SHA512
a9f07dd02714c3efba436326425d443969018ace7ebd7cc33c39d43e3d45480a4fcd4c46c09ad132b4f273888f13e9f598de257130429fcb2519c000e4fab6f7

Download Submit
memory/2148-1269-0x000007FEF5910000-0x000007FEF5FD5000-memory.dmp

Filesize
6.8MB

Download