2b48a65306f5b0c5cc4d23e902277c067f3a288892771bc7dffd225882214295

Analysis

max time kernel
15s
max time network
19s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
04-12-2024 04:18

Target

accgen.exe
Size

7.5MB
MD5

a67d509f43e7644fc0e19982afb5e78b
SHA1

e7793b425aaf522ae16e46d1b1208ff47b795e6c
SHA256

2b48a65306f5b0c5cc4d23e902277c067f3a288892771bc7dffd225882214295
SHA512

2aac62fafb430156b17f69bcca4b3e6f16a05eb42ed895e2ce10e0cd14e114cffb92c6328660460f01c132acc168e345db91a5ecf3856f8b98ca29b08ff7ee22
SSDEEP

196608:afQCwVUurErvI9pWjgN3ZdahF0pbH1AY7WtQsNo/03vC1n:nVUurEUWjqeWx06rYYn

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2460	accgen.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019250-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2460	2416	accgen.exe	30
PID 2416 wrote to memory of 2460	2416	accgen.exe	30
PID 2416 wrote to memory of 2460	2416	accgen.exe	30

C:\Users\Admin\AppData\Local\Temp\accgen.exe
"C:\Users\Admin\AppData\Local\Temp\accgen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Users\Admin\AppData\Local\Temp\accgen.exe
  "C:\Users\Admin\AppData\Local\Temp\accgen.exe"
  2⤵
  - Loads dropped DLL
  PID:2460

C:\Users\Admin\AppData\Local\Temp\_MEI24162\python312.dll

Filesize
1.7MB

MD5
18677d48ba556e529b73d6e60afaf812

SHA1
68f93ed1e3425432ac639a8f0911c144f1d4c986

SHA256
8e2c03e1ee5068c16e61d3037a10371f2e9613221a165150008bef04474a8af8

SHA512
a843ab3a180684c4f5cae0240da19291e7ed9ae675c9356334386397561c527ab728d73767459350fa67624f389411d03665f69637c5f5c268011d1b103d0b02

Download Submit
memory/2460-23-0x000007FEF56D0000-0x000007FEF5D94000-memory.dmp

Filesize
6.8MB

Download