3690bc42c1c05331b2ea1374f99230cfe82d71bb72098d679575df6cdf6ad308

Analysis

max time kernel
615s
max time network
616s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-12-2024 15:57

Target

Virus.exe
Size

6.7MB
MD5

7934cac1097c699a3d4b2e683eb53014
SHA1

8f0709fd999200f1bfdd3d35f4a7adab3911e1e1
SHA256

3690bc42c1c05331b2ea1374f99230cfe82d71bb72098d679575df6cdf6ad308
SHA512

41dfd120ddc50b95daaea7b663b6dc088083916f158f438807681e991e170399da47591e43a4b5c5d76c5238a605ac3244e36a0d064582fc0b8eca8a73638d55
SSDEEP

196608:FCXlY8XMCHGLLc54i1wN+lPIcu9KYK39sI3PPJNMRRccx:kXdXMCHWUjqcuI3/PJNe

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2392	Virus.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2092-0-0x000000013FF50000-0x000000013FFB0000-memory.dmp	upx
behavioral1/memory/2392-14-0x000000013FF50000-0x000000013FFB0000-memory.dmp	upx
behavioral1/memory/2092-13-0x0000000000100000-0x0000000000160000-memory.dmp	upx
behavioral1/memory/2392-17-0x000000013FF50000-0x000000013FFB0000-memory.dmp	upx
behavioral1/memory/2092-30-0x000000013FF50000-0x000000013FFB0000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2392	2092	Virus.exe	30
PID 2092 wrote to memory of 2392	2092	Virus.exe	30
PID 2092 wrote to memory of 2392	2092	Virus.exe	30

C:\Users\Admin\AppData\Local\Temp\Virus.exe
"C:\Users\Admin\AppData\Local\Temp\Virus.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Users\Admin\AppData\Local\Temp\Virus.exe
  "C:\Users\Admin\AppData\Local\Temp\Virus.exe"
  2⤵
  - Loads dropped DLL
  PID:2392

C:\Users\Admin\AppData\Local\Temp\_MEI20922\python313.dll

Filesize
5.8MB

MD5
b9de917b925dd246b709bb4233777efd

SHA1
775f258d8b530c6ea9f0dd3d1d0b61c1948c25d2

SHA256
0c0a66505093b6a4bb3475f716bd3d9552095776f6a124709c13b3f9552c7d99

SHA512
f4bf3398f50fdd3ab7e3f02c1f940b4c8b5650ed7af16c626ccd1b934053ba73a35f96da03b349c1eb614bb23e0bc6b5cc58b07b7553a5c93c6d23124f324a33

Download Submit
memory/2092-0-0x000000013FF50000-0x000000013FFB0000-memory.dmp

Filesize
384KB

Download
memory/2092-13-0x0000000000100000-0x0000000000160000-memory.dmp

Filesize
384KB

Download
memory/2092-30-0x000000013FF50000-0x000000013FFB0000-memory.dmp

Filesize
384KB

Download
memory/2392-14-0x000000013FF50000-0x000000013FFB0000-memory.dmp

Filesize
384KB

Download
memory/2392-17-0x000000013FF50000-0x000000013FFB0000-memory.dmp

Filesize
384KB

Download