cfda23426d70db7fd1e68990532d0373ca9c9348a2e0e82b33a0f7589b43da34

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-11-2024 14:47

Target

doxtool.exe
Size

75.7MB
MD5

e661a12400a3bb7cc003004c823c07b3
SHA1

48972d49d95345bca7f75b917135c141afbc0f29
SHA256

cfda23426d70db7fd1e68990532d0373ca9c9348a2e0e82b33a0f7589b43da34
SHA512

ec61c7b9b90e6b476acdd1eeed23f84127b37b83c55b1b63505524939f5b90608ea542c42bb8bda5a96c7918f487c32bf1c7a17f1555fdcef2f432284058cbc3
SSDEEP

1572864:F8VlgMWA03Sk8IpG7V+VPhqWK8uE7WxlK8iY4MHHLeqPNLtDSaRZjeq+:FK/SSkB05awWK8mxMXMHVLtxR8q

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2008	doxtool.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020a47-1260.dat	upx
behavioral1/memory/2008-1262-0x000007FEF5E50000-0x000007FEF62B6000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2008	2360	doxtool.exe	30
PID 2360 wrote to memory of 2008	2360	doxtool.exe	30
PID 2360 wrote to memory of 2008	2360	doxtool.exe	30

C:\Users\Admin\AppData\Local\Temp\doxtool.exe
"C:\Users\Admin\AppData\Local\Temp\doxtool.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\AppData\Local\Temp\doxtool.exe
  "C:\Users\Admin\AppData\Local\Temp\doxtool.exe"
  2⤵
  - Loads dropped DLL
  PID:2008

C:\Users\Admin\AppData\Local\Temp\_MEI23602\python310.dll

Filesize
1.4MB

MD5
b805cebb0242b3bbfe810a19c2b44e3d

SHA1
62d71b686b64e6efd58852a5e59f4b00cec18f30

SHA256
2d2d5746d6a066fcc3e7b8c041ffb7c7722c14b148aed923387dbacc951d732b

SHA512
d46a5b3274aed182d30647d461d1dc7bd2599a43b1914d5a5e882c4298ecf4f11c64272db351257f836806ae55d5f1a0c1369f4159df09c8d7aea9a52d2e1acd

Download Submit
memory/2008-1262-0x000007FEF5E50000-0x000007FEF62B6000-memory.dmp

Filesize
4.4MB

Download