ba9ada271c0e3bb2c53762c41a19f414811f8b3079e107adbb64edbed4b45b53

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
15-11-2024 19:49

Target

sharkbotnetc2.exe
Size

6.9MB
MD5

54797b3e8dac7850a1985866ae500b0d
SHA1

faf0cba6cf510d7bf907a3802506c778381d58a9
SHA256

5e745e0b505d56d135db62d1fb40168905eb7492b75eaa58a8fcea7f9f6e602b
SHA512

787741afee2c9795ac05ce35862aa37a656cfd96edee4324997fbd62cc143559dded94cd08732ce981938dcf3375d77754cd3efb45f719fadec6a9338fdf6ae2
SSDEEP

196608:4aV1FiHB6ylnlPzf+JiJCsmFMvcn6hVvv:AHBRlnlPSa7mmvc+H

Score

7^/10

upx

Loads dropped DLL 1 IoCs

Processes:

sharkbotnetc2.exe

pid	Process
2576	sharkbotnetc2.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral5/files/0x0006000000018c16-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

sharkbotnetc2.exe

description	pid	Process	procid_target
PID 2092 wrote to memory of 2576	2092	sharkbotnetc2.exe	30
PID 2092 wrote to memory of 2576	2092	sharkbotnetc2.exe	30
PID 2092 wrote to memory of 2576	2092	sharkbotnetc2.exe	30

C:\Users\Admin\AppData\Local\Temp\sharkbotnetc2.exe
"C:\Users\Admin\AppData\Local\Temp\sharkbotnetc2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Users\Admin\AppData\Local\Temp\sharkbotnetc2.exe
  "C:\Users\Admin\AppData\Local\Temp\sharkbotnetc2.exe"
  2⤵
  - Loads dropped DLL
  PID:2576

C:\Users\Admin\AppData\Local\Temp\_MEI20922\python311.dll

Filesize
1.6MB

MD5
1e76961ca11f929e4213fca8272d0194

SHA1
e52763b7ba970c3b14554065f8c2404112f53596

SHA256
8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0

SHA512
ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b

Download Submit
memory/2576-23-0x000007FEF57A0000-0x000007FEF5D8A000-memory.dmp

Filesize
5.9MB

Download