2a7bbfcf72ac2ba1d70b42481809113979f2999bedee9ec2a860a3e1c51994b6

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-12-2024 08:30

Target

ZEHAHAHA.exe
Size

30.4MB
MD5

d3daed0c9c1f809601ea7683b007380c
SHA1

1b46c16855ea23e22c6ec45444241a55bc58cef6
SHA256

2a7bbfcf72ac2ba1d70b42481809113979f2999bedee9ec2a860a3e1c51994b6
SHA512

0da2c32e73132af01096a0f89009e697a6dfb2b30a3a0b740e809accddedefb731a9beebd25a8c21ca363f7be1660f8e90527f64c0397e2c8c9901199cc9b5d8
SSDEEP

786432:e+iIZUW8rm1NddbOzcY8761MZ6deV8v0W5w68gv/FvM+0:I5WqmddCE7tdhW7/K+

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2524	ZEHAHAHA.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020984-1109.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2524	2092	ZEHAHAHA.exe	31
PID 2092 wrote to memory of 2524	2092	ZEHAHAHA.exe	31
PID 2092 wrote to memory of 2524	2092	ZEHAHAHA.exe	31

C:\Users\Admin\AppData\Local\Temp\ZEHAHAHA.exe
"C:\Users\Admin\AppData\Local\Temp\ZEHAHAHA.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Users\Admin\AppData\Local\Temp\ZEHAHAHA.exe
  "C:\Users\Admin\AppData\Local\Temp\ZEHAHAHA.exe"
  2⤵
  - Loads dropped DLL
  PID:2524

C:\Users\Admin\AppData\Local\Temp\_MEI20922\python312.dll

Filesize
1.7MB

MD5
36e9be7e881d1dc29295bf7599490241

SHA1
5b6746aedac80f0e6f16fc88136bcdcbd64b3c65

SHA256
ebef43e92267a17f44876c702c914aafa46b997b63223ff46b12149fd2a2616e

SHA512
090d4e9092b7fe00180164b6f84b4bd1d1a1e12dc8fea042eaa0e75cc08bb9994c91c3853bedec390208db4ef2e3447cd9be20d7dc20c14e6deb52a141d554cf

Download Submit
memory/2524-1111-0x000007FEF6630000-0x000007FEF6CF5000-memory.dmp

Filesize
6.8MB

Download