5fc9274dfc3efba1ffeabb3b7a5ab73e1c6de9b5fc9272a3e05adf82890a6510

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-12-2024 05:18

Target

5fc9274dfc3efba1ffeabb3b7a5ab73e1c6de9b5fc9272a3e05adf82890a6510N.exe
Size

5.8MB
MD5

951604a87ebb08dfc865c263d65ec590
SHA1

bbacc1f2038dddd74a691dd07c3cb48090823f4b
SHA256

5fc9274dfc3efba1ffeabb3b7a5ab73e1c6de9b5fc9272a3e05adf82890a6510
SHA512

0b3747519b72a0dc8989c05509a50987621c5ca8c957c3cd70c0eb381320fb2c507e4811559f6ce44cff79faa4bd79712afce63354af81cf8f72445c1bfa9791
SSDEEP

98304:e7mDSRIRHtJQi9UWvGfqD8WOxfmjaa15uXaDvdCK/blzFS03iw7FwXR6ntm2qlTD:e7mDUIRHvUWvozWOxu9kXwvdbDlA03Ne

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2156	5fc9274dfc3efba1ffeabb3b7a5ab73e1c6de9b5fc9272a3e05adf82890a6510N.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00050000000193c1-21.dat	upx
behavioral1/memory/2156-23-0x000007FEF5830000-0x000007FEF5C9A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2156	2148	5fc9274dfc3efba1ffeabb3b7a5ab73e1c6de9b5fc9272a3e05adf82890a6510N.exe	31
PID 2148 wrote to memory of 2156	2148	5fc9274dfc3efba1ffeabb3b7a5ab73e1c6de9b5fc9272a3e05adf82890a6510N.exe	31
PID 2148 wrote to memory of 2156	2148	5fc9274dfc3efba1ffeabb3b7a5ab73e1c6de9b5fc9272a3e05adf82890a6510N.exe	31

C:\Users\Admin\AppData\Local\Temp\5fc9274dfc3efba1ffeabb3b7a5ab73e1c6de9b5fc9272a3e05adf82890a6510N.exe
"C:\Users\Admin\AppData\Local\Temp\5fc9274dfc3efba1ffeabb3b7a5ab73e1c6de9b5fc9272a3e05adf82890a6510N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Users\Admin\AppData\Local\Temp\5fc9274dfc3efba1ffeabb3b7a5ab73e1c6de9b5fc9272a3e05adf82890a6510N.exe
  "C:\Users\Admin\AppData\Local\Temp\5fc9274dfc3efba1ffeabb3b7a5ab73e1c6de9b5fc9272a3e05adf82890a6510N.exe"
  2⤵
  - Loads dropped DLL
  PID:2156

C:\Users\Admin\AppData\Local\Temp\_MEI21482\python310.dll

Filesize
1.4MB

MD5
b3ae142a88ff3760a852ba7facb901bc

SHA1
ad23e5f2f0cc6415086d8c8273c356d35fa4e3ee

SHA256
2291ce67c4be953a0b7c56d790b6cc8075ec8166b1b2e05d71f684c59fdd91a5

SHA512
3b60b8b7197079d629d01440ed78a589c6a18803cc63cdeac1382dc76201767f18190e694d2c1839a72f6318e39dba6217c48a130903f72e47fa1db504810c1c

Download Submit
memory/2156-23-0x000007FEF5830000-0x000007FEF5C9A000-memory.dmp

Filesize
4.4MB

Download