b2c0ebca0bacbbb59cf6dd34968dfdece92679118dd99166c46a75c9c257913a

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-11-2024 16:35

Target

hahaha.exe
Size

11.0MB
MD5

70eddf38a3fca6993bae49a1f20a1b5e
SHA1

ac168e6b039c45ce6dfb67766d5fcff284525430
SHA256

b2c0ebca0bacbbb59cf6dd34968dfdece92679118dd99166c46a75c9c257913a
SHA512

ba8482eddfcd2ce49ae28b487c8cd39ac26817e0eb89a52836b2f151a7eb31d52e186306d08d55b7e442ce7392c1d3184517287b672c2ca0c38debeeb6df9759
SSDEEP

196608:GxLQkWwuLUhJb3tQk5tZurErvI9pWj+sgX3ZdahF0wB1AajZYEHk9QtQTmWVJxk:kNhh7v5tZurEUWj/gXe7bxES63a

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2872	hahaha.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a48c-53.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2872	2436	hahaha.exe	30
PID 2436 wrote to memory of 2872	2436	hahaha.exe	30
PID 2436 wrote to memory of 2872	2436	hahaha.exe	30

C:\Users\Admin\AppData\Local\Temp\hahaha.exe
"C:\Users\Admin\AppData\Local\Temp\hahaha.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Users\Admin\AppData\Local\Temp\hahaha.exe
  "C:\Users\Admin\AppData\Local\Temp\hahaha.exe"
  2⤵
  - Loads dropped DLL
  PID:2872

C:\Users\Admin\AppData\Local\Temp\_MEI24362\python312.dll

Filesize
1.7MB

MD5
01be3c75babc89c73e1f97286e2d254a

SHA1
bc54e991fbcccbca12159da53757f3e0739074dc

SHA256
ceced46d2deb9e7a1c74819cd5cad12c7bc291c163f292c7581eb35b50e97936

SHA512
6712adeaaecf511186ccc12a3dfce6221c1eeab498222ada5d4626abfe52520d55acd515fbc2c1b2791b8cdb45e585741c6349808a4e83b8aaba24c69a08ce52

Download Submit
memory/2872-55-0x000007FEF5820000-0x000007FEF5EE4000-memory.dmp

Filesize
6.8MB

Download