d9cc8097cc5d74d11d9113492013d91daf4d1d1a03e71110c361701af4fd2f8d

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16-11-2024 06:17

Target

d9cc8097cc5d74d11d9113492013d91daf4d1d1a03e71110c361701af4fd2f8d.exe
Size

7.0MB
MD5

cb91eb2746a192f97491605bb0a5a111
SHA1

0b3af664a400b75aa4c0f2aa39d8690c47cd5f6f
SHA256

d9cc8097cc5d74d11d9113492013d91daf4d1d1a03e71110c361701af4fd2f8d
SHA512

9a3daa6435e3bfd94aec4abb009302041f31c1e8191007024c08ba8b104c2702a4744e5f5aefcf24a3e48929bd0f8642f07f4d75d2fff8a215df39250206c120
SSDEEP

196608:veVhMYpwfI9j2i4H1qSiXLGVi7DnStHuQJTMRRccxw:WVOIEiK1piXLGVEutHbJTeK

Score

7^/10

upx

Loads dropped DLL 2 IoCs

Processes:

d9cc8097cc5d74d11d9113492013d91daf4d1d1a03e71110c361701af4fd2f8d.exe

pid	process
2572	d9cc8097cc5d74d11d9113492013d91daf4d1d1a03e71110c361701af4fd2f8d.exe
2572	d9cc8097cc5d74d11d9113492013d91daf4d1d1a03e71110c361701af4fd2f8d.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI24042\python313.dll	upx
behavioral1/memory/2572-56-0x000007FEF57F0000-0x000007FEF5E53000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

d9cc8097cc5d74d11d9113492013d91daf4d1d1a03e71110c361701af4fd2f8d.exe

description	pid	process	target process
PID 2404 wrote to memory of 2572	2404	d9cc8097cc5d74d11d9113492013d91daf4d1d1a03e71110c361701af4fd2f8d.exe	d9cc8097cc5d74d11d9113492013d91daf4d1d1a03e71110c361701af4fd2f8d.exe
PID 2404 wrote to memory of 2572	2404	d9cc8097cc5d74d11d9113492013d91daf4d1d1a03e71110c361701af4fd2f8d.exe	d9cc8097cc5d74d11d9113492013d91daf4d1d1a03e71110c361701af4fd2f8d.exe
PID 2404 wrote to memory of 2572	2404	d9cc8097cc5d74d11d9113492013d91daf4d1d1a03e71110c361701af4fd2f8d.exe	d9cc8097cc5d74d11d9113492013d91daf4d1d1a03e71110c361701af4fd2f8d.exe

C:\Users\Admin\AppData\Local\Temp\d9cc8097cc5d74d11d9113492013d91daf4d1d1a03e71110c361701af4fd2f8d.exe
"C:\Users\Admin\AppData\Local\Temp\d9cc8097cc5d74d11d9113492013d91daf4d1d1a03e71110c361701af4fd2f8d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Users\Admin\AppData\Local\Temp\d9cc8097cc5d74d11d9113492013d91daf4d1d1a03e71110c361701af4fd2f8d.exe
  "C:\Users\Admin\AppData\Local\Temp\d9cc8097cc5d74d11d9113492013d91daf4d1d1a03e71110c361701af4fd2f8d.exe"
  2⤵
  - Loads dropped DLL
  PID:2572

C:\Users\Admin\AppData\Local\Temp\_MEI24042\python313.dll

Filesize
1.8MB

MD5
964b6cf2652c6b6b6c60341ec734c7bd

SHA1
5be70b89c02db4d8f8f6cb7bd12e8dbf29bd891d

SHA256
062a7f0caf781233207bcbfeee47e0ed367f408baf5e1463ffd1c1f9014a781c

SHA512
735d6b1a3ec09cb09259a6f9161851be4b06854882a94a79c8141e7a7bbf938bc58d9f46c82171cbc3237ff9e1067a347588d674261c1d621755afa8fbb9f3d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24042\ucrtbase.dll

Filesize
1.3MB

MD5
51ba3b7ad9752d4c01a8c3ee66877f7f

SHA1
c46e48ae32c9ad383837857a8285031d85445ed8

SHA256
c43e5b334a71341c639912ed40bd0029edc283d96a36958f4b33d1c010fe04bc

SHA512
2d0bfb6ed37521cdb0c1af9d27a98e6d62a60920a6562692a709dce2b13a9a9b770be56938411d4989a1ae101828e6a5fd5b1513af7cdcf858c44a97a2932933

Download Submit
memory/2572-56-0x000007FEF57F0000-0x000007FEF5E53000-memory.dmp

Filesize
6.4MB

Download