899517a9868cd13a0598c60129bc8050a0d5afc6259c9108a59c8a7f26a1e2ed

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/11/2024, 06:10

Target

Pvt Hooks/injector.exe
Size

7.5MB
MD5

5ac349d31df2f8659f3cbafb6c364d63
SHA1

6b897500c22044917fae28b0bfacdf06fb2c9a81
SHA256

38fe07cf164f35010e97497f66a0435b77b625e69a4c211c8c3b111c4afedf5a
SHA512

dea18006743d2e2abfd647f43d24e263aa3725eed1e61b53610fa4f85b7882aced03122dfb7c002e78930772a264befe03568404b62ca50cf290f4734bcf7bb2
SSDEEP

196608:eNxHcLjv+bhqNVoBLD7fEXEoYbiIv9pvvk9fIiZ1ju:GsL+9qz8LD7fEUbiIqQgpu

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2276	injector.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral7/files/0x0006000000016d73-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 2276	2328	injector.exe	31
PID 2328 wrote to memory of 2276	2328	injector.exe	31
PID 2328 wrote to memory of 2276	2328	injector.exe	31

C:\Users\Admin\AppData\Local\Temp\Pvt Hooks\injector.exe
"C:\Users\Admin\AppData\Local\Temp\Pvt Hooks\injector.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Users\Admin\AppData\Local\Temp\Pvt Hooks\injector.exe
  "C:\Users\Admin\AppData\Local\Temp\Pvt Hooks\injector.exe"
  2⤵
  - Loads dropped DLL
  PID:2276

C:\Users\Admin\AppData\Local\Temp\_MEI23282\python312.dll

Filesize
1.7MB

MD5
86d9b8b15b0340d6ec235e980c05c3be

SHA1
a03bdd45215a0381dcb3b22408dbc1f564661c73

SHA256
12dbbcd67015d6cdb680752184107b7deb84e906b0e8e860385f85d33858a5f6

SHA512
d360cc3f00d90fd04cbba09d879e2826968df0c1fdc44890c60b8450fe028c3e767450c3543c62d4f284fb7e004a9a33c52538c2279221ee6cbdb1a9485f88b2

Download Submit
memory/2276-23-0x000007FEF55B0000-0x000007FEF5C80000-memory.dmp

Filesize
6.8MB

Download