6b49c0ddf0fead611a6f8c2740954954b8523c116e9da25acc641cdbc8d0fbc8

Analysis

max time kernel
837s
max time network
838s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
27/11/2024, 08:10

Target

cracked.exe
Size

6.9MB
MD5

bc20138fe2418c809b3381e81e6b0ce0
SHA1

e96b50d01639388d4bca60d31924850ceb368452
SHA256

6b49c0ddf0fead611a6f8c2740954954b8523c116e9da25acc641cdbc8d0fbc8
SHA512

eabf7004f7c87c55f4ace8531ef3b27a5bdb5630e69b52aae2431147156a61e5576fac1c8d7d210b2d8cc740d465893cdb3d46624ffa07675da11007ad8cee93
SSDEEP

98304:1uDjWM8JEE1FIVTVamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhE+:1u0iV0eNTfm/pf+xk4dWRpmrbW3jmrb

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2404	cracked.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019509-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 2404	1628	cracked.exe	31
PID 1628 wrote to memory of 2404	1628	cracked.exe	31
PID 1628 wrote to memory of 2404	1628	cracked.exe	31

C:\Users\Admin\AppData\Local\Temp\cracked.exe
"C:\Users\Admin\AppData\Local\Temp\cracked.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Users\Admin\AppData\Local\Temp\cracked.exe
  "C:\Users\Admin\AppData\Local\Temp\cracked.exe"
  2⤵
  - Loads dropped DLL
  PID:2404

C:\Users\Admin\AppData\Local\Temp\_MEI16282\python311.dll

Filesize
1.6MB

MD5
bb46b85029b543b70276ad8e4c238799

SHA1
123bdcd9eebcac1ec0fd2764a37e5e5476bb0c1c

SHA256
72c24e1db1ba4df791720a93ca9502d77c3738eebf8b9092a5d82aa8d80121d0

SHA512
5e993617509c1cf434938d6a467eb0494e04580ad242535a04937f7c174d429da70a6e71792fc3de69e103ffc5d9de51d29001a4df528cfffefdaa2cef4eaf31

Download Submit
memory/2404-23-0x000007FEF60B0000-0x000007FEF6698000-memory.dmp

Filesize
5.9MB

Download