fdb9f742ec550af9a8ca330f0a1d3aa012b1df6348e8182a52b6aac0f74a781b

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-11-2024 00:19

Target

ElectronV3.exe
Size

10.1MB
MD5

f625137a53ba0cb8cedb8185be877581
SHA1

343cb28c637aba4b058d0d0ad9b2a527ef596dcf
SHA256

fdb9f742ec550af9a8ca330f0a1d3aa012b1df6348e8182a52b6aac0f74a781b
SHA512

1e1bd65c14fcf64f2325dc54a38c1507cfadeeca1be126d6efc87301a4105b97657a59e9ed688fee20b171d0e2cef9693d6f0291acb5dcd2d37b898169d61b69
SSDEEP

196608:/yKypefxZlJ/TLx4hz7DIxyseNaHFJMIDJ+gsAGKkRrDTNfPT:qY7bTGz7kc6Fqy+gs17l

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2724	ElectronV3.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a494-47.dat	upx
behavioral1/memory/2724-49-0x000007FEF5850000-0x000007FEF5CBE000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2724	2532	ElectronV3.exe	31
PID 2532 wrote to memory of 2724	2532	ElectronV3.exe	31
PID 2532 wrote to memory of 2724	2532	ElectronV3.exe	31

C:\Users\Admin\AppData\Local\Temp\ElectronV3.exe
"C:\Users\Admin\AppData\Local\Temp\ElectronV3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Users\Admin\AppData\Local\Temp\ElectronV3.exe
  "C:\Users\Admin\AppData\Local\Temp\ElectronV3.exe"
  2⤵
  - Loads dropped DLL
  PID:2724

C:\Users\Admin\AppData\Local\Temp\_MEI25322\python310.dll

Filesize
1.4MB

MD5
fc7bd515b12e537a39dc93a09b3eaad6

SHA1
96f5d4b0967372553cb106539c5566bc184f6167

SHA256
461e008b7cdf034f99a566671b87849772873a175aefec6ed00732976f5c4164

SHA512
a8433d5b403f898e4eeebd72fce08ebad066ca60aeb0b70e2ae78377babc2acbbae2ac91ab20f813cce4b1dc58c2ad6b3868f18cc8ac0fe7be2bff020eb73122

Download Submit
memory/2724-49-0x000007FEF5850000-0x000007FEF5CBE000-memory.dmp

Filesize
4.4MB

Download