78d034e0ae926ef07622d3996b628f13b7132bbd8871c1988c38d4edb5c4ee93

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-11-2024 23:47

Target

build.exe
Size

80.7MB
MD5

f8176b8ba45b99600d329406b8c892ef
SHA1

b28aed023639fb9155c1b326f3bfcc278730e76a
SHA256

78d034e0ae926ef07622d3996b628f13b7132bbd8871c1988c38d4edb5c4ee93
SHA512

aa9df7375d5d1ba27e00a18a44723439cb6731b40bf171c10d5784d403207605a3ba22a3728c31d1bf750ebda0b17a7f49b38ba76fbb902ac863ef555fded74d
SSDEEP

1572864:OGKlgWj60hSk8IpG7V+VPhqHJE7bbli08iYgj+h58sMw5D7Zcj:fKiQSkB05awHAw0259H

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2272	build.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020a90-1264.dat	upx
behavioral1/memory/2272-1266-0x000007FEF57B0000-0x000007FEF5D98000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2272	2384	build.exe	30
PID 2384 wrote to memory of 2272	2384	build.exe	30
PID 2384 wrote to memory of 2272	2384	build.exe	30

C:\Users\Admin\AppData\Local\Temp\build.exe
"C:\Users\Admin\AppData\Local\Temp\build.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Users\Admin\AppData\Local\Temp\build.exe
  "C:\Users\Admin\AppData\Local\Temp\build.exe"
  2⤵
  - Loads dropped DLL
  PID:2272

C:\Users\Admin\AppData\Local\Temp\_MEI23842\python311.dll

Filesize
1.6MB

MD5
87b5d21226d74f069b5ae8fb74743236

SHA1
153651a542db095d0f9088a97351b90d02b307ac

SHA256
3cac88119657daef7f79844aeb9da79b45c1f3bb2ea3468b0d4ed26067852194

SHA512
788bb26b3f4ce99a2b49eef2742972fe843bdd97d361a6e67237f29376648ea6f874f1f6ba6dd53c74ef51a29e650a02fb99dfc30b5badfa9d2e05491f81d7d6

Download Submit
memory/2272-1266-0x000007FEF57B0000-0x000007FEF5D98000-memory.dmp

Filesize
5.9MB

Download