12f2b7dc2ce5d51089e635e1f86ce2d058f73ea1a050f1d38f04fa3db793d386

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-12-2024 02:05

Target

Craxs.exe/Built.exe
Size

5.8MB
MD5

eafb71b1f8ff22f4b88c677c17a4159a
SHA1

e3fb7830e0ed8054c790679454f582248c373b51
SHA256

6bed48fba23d3fbb1cc02a1225abd44fa6d5d85a1f7b12768088fcfb5352ceed
SHA512

c530202f3393f051c11e379863a996bede0b27ae432ade1c87625d2a9b104c9cf8322d62fab64a41987c5f6f8646d1f1023b07a745ea982289df43040221882e
SSDEEP

98304:2nzmDSr7xRHtJQi9UWvGfqD8WOxfmjaa15uXaDvdCK/blzFS03iw7FwXR6nret+1:2nzmD6xRHvUWvozWOxu9kXwvdbDlA03n

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
272	Built.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019609-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 272	2464	Built.exe	30
PID 2464 wrote to memory of 272	2464	Built.exe	30
PID 2464 wrote to memory of 272	2464	Built.exe	30

C:\Users\Admin\AppData\Local\Temp\Craxs.exe\Built.exe
"C:\Users\Admin\AppData\Local\Temp\Craxs.exe\Built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Users\Admin\AppData\Local\Temp\Craxs.exe\Built.exe
  "C:\Users\Admin\AppData\Local\Temp\Craxs.exe\Built.exe"
  2⤵
  - Loads dropped DLL
  PID:272

C:\Users\Admin\AppData\Local\Temp\_MEI24642\python310.dll

Filesize
1.4MB

MD5
b3ae142a88ff3760a852ba7facb901bc

SHA1
ad23e5f2f0cc6415086d8c8273c356d35fa4e3ee

SHA256
2291ce67c4be953a0b7c56d790b6cc8075ec8166b1b2e05d71f684c59fdd91a5

SHA512
3b60b8b7197079d629d01440ed78a589c6a18803cc63cdeac1382dc76201767f18190e694d2c1839a72f6318e39dba6217c48a130903f72e47fa1db504810c1c

Download Submit
memory/272-23-0x000007FEF5960000-0x000007FEF5DCA000-memory.dmp

Filesize
4.4MB

Download