e53fdaa8a38620b11936360c960bae53174d91bae90be97e9350c352f90371cd

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 22:22

Target

AdobeDC.exe
Size

45.9MB
MD5

a6440f6546f7f182d409a7bdd4d598d7
SHA1

9cf1957557bd026a1553c363ecf347dabfbfe4d3
SHA256

e53fdaa8a38620b11936360c960bae53174d91bae90be97e9350c352f90371cd
SHA512

65440511cf4ef6c01ffdc83ea1d70b9feaeb5b16a85012eff5e80c14621cc50049e8501fae70e83598e203a110c448c9ddb3a6ab631202cbea9bb841c3ab567f
SSDEEP

786432:d3Vl8Z2tatAj52dkg/IpG7VB8VPhq7EOmWzcY87hLHZrO7RcuFsMRXXg:a2q05Sk8IpG7V+VPhq7E32E79AcubRXX

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2980	AdobeDC.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000300000002091b-1109.dat	upx
behavioral1/memory/2980-1111-0x000007FEF5E40000-0x000007FEF62C1000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 2980	2668	AdobeDC.exe	30
PID 2668 wrote to memory of 2980	2668	AdobeDC.exe	30
PID 2668 wrote to memory of 2980	2668	AdobeDC.exe	30

C:\Users\Admin\AppData\Local\Temp\AdobeDC.exe
"C:\Users\Admin\AppData\Local\Temp\AdobeDC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Users\Admin\AppData\Local\Temp\AdobeDC.exe
  "C:\Users\Admin\AppData\Local\Temp\AdobeDC.exe"
  2⤵
  - Loads dropped DLL
  PID:2980

C:\Users\Admin\AppData\Local\Temp\_MEI26682\python39.dll

Filesize
1.4MB

MD5
1c4f8d45a40be4f0f4d3aca8b0fed6e5

SHA1
f8d969a39d5c015e9d6ef4588c75c1c1bcadc69e

SHA256
e0af982419570f6e72a939266cbf0c68a8c3bf298822c19700d0c94b646329f7

SHA512
81516dc7ba9f54b4bf847434124b571eae1877dc418463949e454b55f721271b8933a3666c7ff0460aa4570d5fbbb0233e4c3698e68e4c9d640b0611b269c038

Download Submit
memory/2980-1111-0x000007FEF5E40000-0x000007FEF62C1000-memory.dmp

Filesize
4.5MB

Download