ffbf1d7b55600e6c916539794670b7ba8bc4adfc2ecaaf969cda0835138919a1

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 17:26

Target

spoofer.exe
Size

80.7MB
MD5

b915bef7cffd48dfd485d2a85791de47
SHA1

1c67c73373e9cefc579db0d469142e1d517f06d6
SHA256

ffbf1d7b55600e6c916539794670b7ba8bc4adfc2ecaaf969cda0835138919a1
SHA512

a558c32a566e919e4dec4c4e1f654449d2cfbdba2cea9529bfa7549a693fd5a816689db20437daea3efd0e7b3e537eca72c5adb210df592f4f437cf67c867d7d
SSDEEP

1572864:QPJlLWLN0RSk8IpG7V+VPhq9AE7DliriYgj+h58sMwierSipjcJ5j:EJNfSkB05aw9Zwl5eerTgj

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2060	spoofer.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020a71-1263.dat	upx
behavioral1/memory/2060-1265-0x000007FEF5C80000-0x000007FEF6269000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2060	2980	spoofer.exe	30
PID 2980 wrote to memory of 2060	2980	spoofer.exe	30
PID 2980 wrote to memory of 2060	2980	spoofer.exe	30

C:\Users\Admin\AppData\Local\Temp\spoofer.exe
"C:\Users\Admin\AppData\Local\Temp\spoofer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Users\Admin\AppData\Local\Temp\spoofer.exe
  "C:\Users\Admin\AppData\Local\Temp\spoofer.exe"
  2⤵
  - Loads dropped DLL
  PID:2060

C:\Users\Admin\AppData\Local\Temp\_MEI29802\python311.dll

Filesize
1.6MB

MD5
a70d5250a7878d930c92c08abd2acf5c

SHA1
0c9526cb8aaf011655decf5f8037b4ea562db71f

SHA256
1777007bcbec5c5daa8c4068b181216def54ac53eb2f6994b2fcb01edd74d03a

SHA512
08bf354cc9a16c7103173edd71abb1d91b7865adffc8c1ceb085c9f807f73b5b0ab37e70071f17166fdcce8ab0d5647060638a525090cc2544498537834e7afd

Download Submit
memory/2060-1265-0x000007FEF5C80000-0x000007FEF6269000-memory.dmp

Filesize
5.9MB

Download