765e93db27f71aa62350f280b56f4c94df02418f69f983fa0d22adbb8f2e3f87

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-12-2024 00:01

Target

EXgen.exe
Size

76.6MB
MD5

34ed77e16aa21b1db144c4f8c7a97b3a
SHA1

3cb17df90175b3ad8caf2ec95a3095dca078933d
SHA256

765e93db27f71aa62350f280b56f4c94df02418f69f983fa0d22adbb8f2e3f87
SHA512

8e379f20389f8ae68a8b5a3b4bc1839763f17209fcf4b95341800de36813433c4000fedd21b329483dff91a9ebbdbda89886a787032f1490f41aaa3fb2af1f74
SSDEEP

1572864:a1l7W1mUSk8IpG7V+VPhqFxE7BlhWiYweyJulZUdg6zfr/kAd72:a1ZkmUSkB05awFcLLpuqzjZ2

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
600	EXgen.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020a57-1271.dat	upx
behavioral1/memory/600-1273-0x000007FEF5490000-0x000007FEF5B51000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 600	1448	EXgen.exe	30
PID 1448 wrote to memory of 600	1448	EXgen.exe	30
PID 1448 wrote to memory of 600	1448	EXgen.exe	30

C:\Users\Admin\AppData\Local\Temp\EXgen.exe
"C:\Users\Admin\AppData\Local\Temp\EXgen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Users\Admin\AppData\Local\Temp\EXgen.exe
  "C:\Users\Admin\AppData\Local\Temp\EXgen.exe"
  2⤵
  - Loads dropped DLL
  PID:600

C:\Users\Admin\AppData\Local\Temp\_MEI14482\python312.dll

Filesize
1.7MB

MD5
ebd1e51a1a1c1534f1695bc71beecbe0

SHA1
280b29f98df389d5f239fc54d71b258b07a5d290

SHA256
3ac7db2567f747a6a16447bc559a6aa20ba846ff9a6fdaf25f2b301a95889b90

SHA512
2db7e56fb166ea95cadfd3eec13a003727b33dc56e07c6628d0ac3a07f3ac95075af8be09317151037c6bdc8c6d451f2fb8041598d3d68d593a2964fea0fe0e4

Download Submit
memory/600-1273-0x000007FEF5490000-0x000007FEF5B51000-memory.dmp

Filesize
6.8MB

Download