9d6b2b465edd86d47244d2e010c5403995d2e679a57f4ada2ced6a7f25028245

Analysis

max time kernel
3s
max time network
2s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-12-2024 13:19

Target

start.exe
Size

47.2MB
MD5

1ca6e35c3c86f6925bdbcc045238c7ec
SHA1

73721db03b3de8411cbdbe1a0305178a65b688e6
SHA256

9d6b2b465edd86d47244d2e010c5403995d2e679a57f4ada2ced6a7f25028245
SHA512

816579905d43082035feb3d96b66b6f195135d5cefe9d909c50b665d0d21cd1d145969eea85f83cb9c358a8da32b8d52499857bd7340b2961efa84e387464a1f
SSDEEP

786432:dHxfG6IE4bGS9jVEzcZKECbm8+wP6nI6i0ch1mPQe53gDrhvflc1Lk8EoYLQn9j/:dAJKajVEzcZKX68+0scx1peIr99c1xGe

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2204	start.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019c48-22.dat	upx
behavioral1/memory/2204-24-0x000007FEF55E0000-0x000007FEF5C43000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 2204	2260	start.exe	30
PID 2260 wrote to memory of 2204	2260	start.exe	30
PID 2260 wrote to memory of 2204	2260	start.exe	30

C:\Users\Admin\AppData\Local\Temp\start.exe
"C:\Users\Admin\AppData\Local\Temp\start.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Users\Admin\AppData\Local\Temp\start.exe
  "C:\Users\Admin\AppData\Local\Temp\start.exe"
  2⤵
  - Loads dropped DLL
  PID:2204

C:\Users\Admin\AppData\Local\Temp\_MEI22602\python313.dll

Filesize
1.8MB

MD5
6ef5d2f77064df6f2f47af7ee4d44f0f

SHA1
0003946454b107874aa31839d41edcda1c77b0af

SHA256
ab7c640f044d2eb7f4f0a4dfe5e719dfd9e5fcd769943233f5cece436870e367

SHA512
1662cc02635d63b8114b41d11ec30a2af4b0b60209196aac937c2a608588fee47c6e93163ea6bf958246c32759ac5c82a712ea3d690e796e2070ac0ff9104266

Download Submit
memory/2204-24-0x000007FEF55E0000-0x000007FEF5C43000-memory.dmp

Filesize
6.4MB

Download