be95ad148b9ac11f653db6e748da23f4d01c2c54de4678f5f377f5779cbe8b72

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-11-2024 23:45

Target

Greber/Create app.exe
Size

6.9MB
MD5

daf401bcb8798795f4ef6b97845cdc97
SHA1

469cc0adc7b457fff82ff9db7dd00d8dd142e62d
SHA256

87ff9011222048726911a86de021f2787d3fbba758ad3c97b9ab72461b4574af
SHA512

f35f9de788ce9fdc9ee5d88fd1e186c83f5b91f2ed5da55202d08bd3e8fae3396409081639f4b728a8413853d88e4824af533a2cede79edd47f703184cd6f1d7
SSDEEP

98304:+a+vITBg6gHamaHl3Ne4i3lqoFhTWrf9eQc0MJYzwZNqkzmas5J1n6ksB0rNHMo:+VIsqeNlpYfMQc2sEhn6ksqV

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2020	Create app.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a0da-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2020	2644	Create app.exe	31
PID 2644 wrote to memory of 2020	2644	Create app.exe	31
PID 2644 wrote to memory of 2020	2644	Create app.exe	31

C:\Users\Admin\AppData\Local\Temp\Greber\Create app.exe
"C:\Users\Admin\AppData\Local\Temp\Greber\Create app.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Users\Admin\AppData\Local\Temp\Greber\Create app.exe
  "C:\Users\Admin\AppData\Local\Temp\Greber\Create app.exe"
  2⤵
  - Loads dropped DLL
  PID:2020

C:\Users\Admin\AppData\Local\Temp\_MEI26442\python311.dll

Filesize
1.6MB

MD5
64fe8415b07e0d06ce078d34c57a4e63

SHA1
dd327f1a8ca83be584867aee0f25d11bff820a3d

SHA256
5d5161773b5c7cc15bde027eabc1829c9d2d697903234e4dd8f7d1222f5fe931

SHA512
55e84a5c0556dd485e7238a101520df451bb7aab7d709f91fdb0709fad04520e160ae394d79e601726c222c0f87a979d1c482ac84e2b037686cde284a0421c4d

Download Submit
memory/2020-23-0x000007FEF6970000-0x000007FEF6F59000-memory.dmp

Filesize
5.9MB

Download