525b8fde883e9903b0cd843a5ca51812654091378fca17f89eec1e4b0ea85eec

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-11-2024 17:27

Target

grabber.exe
Size

5.9MB
MD5

f7ca44a6e5c48d709a801c2bc963713c
SHA1

1d004b274e0b48ac3ae5924498c5b79511e26adf
SHA256

525b8fde883e9903b0cd843a5ca51812654091378fca17f89eec1e4b0ea85eec
SHA512

6667f57213f3a4a38da59765592c293542955ff15e6aff7286135536daa55e4202376be7b574b71ed7c95263351b88363dce7b2e1e4f3a06c950d105a57032e7
SSDEEP

98304:y5+4S7SFi65sn6Wfz7pnxCjJaWlpx1dstaNoSwKHf1c3z5MOueAeF1zkk8kg4Z4B:yU4SYDOYjJlpZstQoS9Hf12VKXezt8w6

Score

7^/10

upx

Loads dropped DLL 1 IoCs

Processes:

grabber.exe

pid process

1508 grabber.exe

pid	process
1508	grabber.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI14482\python310.dll	upx
behavioral1/memory/1508-23-0x000007FEF5C20000-0x000007FEF6085000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

grabber.exe

description	pid	process	target process
PID 1448 wrote to memory of 1508	1448	grabber.exe	grabber.exe
PID 1448 wrote to memory of 1508	1448	grabber.exe	grabber.exe
PID 1448 wrote to memory of 1508	1448	grabber.exe	grabber.exe

C:\Users\Admin\AppData\Local\Temp\grabber.exe
"C:\Users\Admin\AppData\Local\Temp\grabber.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Users\Admin\AppData\Local\Temp\grabber.exe
  "C:\Users\Admin\AppData\Local\Temp\grabber.exe"
  2⤵
  - Loads dropped DLL
  PID:1508

C:\Users\Admin\AppData\Local\Temp\_MEI14482\python310.dll

Filesize
1.4MB

MD5
b93eda8cc111a5bde906505224b717c3

SHA1
5f1ae1ab1a3c4c023ea8138d4b09cbc1cd8e8f9e

SHA256
efa27cd726dbf3bf2448476a993dc0d5ffb0264032bf83a72295ab3fc5bcd983

SHA512
b20195930967b4dc9f60c15d9ceae4d577b00095f07bd93aa4f292b94a2e5601d605659e95d5168c1c2d85dc87a54d27775f8f20ebcacf56904e4aa30f1affba

Download Submit
memory/1508-23-0x000007FEF5C20000-0x000007FEF6085000-memory.dmp

Filesize
4.4MB

Download
memory/1508-44-0x000007FEF5C20000-0x000007FEF6085000-memory.dmp

Filesize
4.4MB

Download