a89d42269c5af23f0a9de9f2a73898893b3a2cd50db7852d8ed12f2f32dabe75

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-12-2024 13:29

Target

vpnbestfree.exe
Size

55.9MB
MD5

03f1f45d8155f03ec68793692ebbf935
SHA1

ed4043859c0cca35e73fc6858e300ded5a9fb275
SHA256

a89d42269c5af23f0a9de9f2a73898893b3a2cd50db7852d8ed12f2f32dabe75
SHA512

3022c61b0fd59434ea93a41317eebc3292f91eebd30d46ee6b3c95e0d2a75747cf9bf335449f944765f5ace8958f8a3dbc797af6027cf4f694f7d6cf35e6fad3
SSDEEP

1572864:CGKlKWLhsmwSk8IpG7V+VPhqclE7pliUerNcxob:LKo+smwSkB05awcIwUeryub

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2208	vpnbestfree.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020a9c-1161.dat	upx
behavioral1/memory/2208-1163-0x000007FEF5D20000-0x000007FEF6309000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2208	2240	vpnbestfree.exe	30
PID 2240 wrote to memory of 2208	2240	vpnbestfree.exe	30
PID 2240 wrote to memory of 2208	2240	vpnbestfree.exe	30

C:\Users\Admin\AppData\Local\Temp\vpnbestfree.exe
"C:\Users\Admin\AppData\Local\Temp\vpnbestfree.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Users\Admin\AppData\Local\Temp\vpnbestfree.exe
  "C:\Users\Admin\AppData\Local\Temp\vpnbestfree.exe"
  2⤵
  - Loads dropped DLL
  PID:2208

C:\Users\Admin\AppData\Local\Temp\_MEI22402\python311.dll

Filesize
1.6MB

MD5
546cc5fe76abc35fdbf92f682124e23d

SHA1
5c1030752d32aa067b49125194befee7b3ee985a

SHA256
43bff2416ddd123dfb15d23dc3e99585646e8df95633333c56d85545029d1e76

SHA512
cb75334f2f36812f3a5efd500b2ad97c21033a7a7054220e58550e95c3408db122997fee70a319aef8db6189781a9f2c00a9c19713a89356038b87b036456720

Download Submit
memory/2208-1163-0x000007FEF5D20000-0x000007FEF6309000-memory.dmp

Filesize
5.9MB

Download