2115cc224c45992e5d6797da69498b9712f7ba7afb94d6053ecd7a7560b6d987

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-12-2024 20:25

Target

projectera.exe
Size

76.6MB
MD5

35cbd72c4ea08b56481431df776568d1
SHA1

2873a8d688b886097fb321bf7f03d6e412eb085b
SHA256

2115cc224c45992e5d6797da69498b9712f7ba7afb94d6053ecd7a7560b6d987
SHA512

8426d9986d1617ee45fa17b958ceb5e218debcb339ee0ebc217480ba7d0399459bad85ebb2aa00aaa70bfc5ae78905bd67394073af404af042311d39f1a20f74
SSDEEP

1572864:91l92WfmUSk8IpG7V+VPhqb+TUE7Tlhe7fEYiYweyJulZUdgRI6XPwfzmDtaJS:91KMmUSkB05awb+TVLPhpulvXztao

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2252	projectera.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020a1e-1267.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2252	2872	projectera.exe	30
PID 2872 wrote to memory of 2252	2872	projectera.exe	30
PID 2872 wrote to memory of 2252	2872	projectera.exe	30

C:\Users\Admin\AppData\Local\Temp\projectera.exe
"C:\Users\Admin\AppData\Local\Temp\projectera.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Users\Admin\AppData\Local\Temp\projectera.exe
  "C:\Users\Admin\AppData\Local\Temp\projectera.exe"
  2⤵
  - Loads dropped DLL
  PID:2252

C:\Users\Admin\AppData\Local\Temp\_MEI28722\python312.dll

Filesize
1.7MB

MD5
f23aa992b8e0a301ec8f473d6b784f4b

SHA1
ee73a5da238341cb21a781a3ddcb187d1f971680

SHA256
0ddfba7779ebc44f2fa819a78b54bc730a5543274986e973beee024fab0ecfc6

SHA512
028abb66298fee6173d34f80940f5bdd3988a8373234f32a780ae93e155d90af191d85164077d9b76dc3651bda4d9902ccbfd03d37be3e9662006b65c3defb35

Download Submit
memory/2252-1269-0x000007FEF5280000-0x000007FEF5950000-memory.dmp

Filesize
6.8MB

Download