9f29db0fcb7ef410fec1e32cfbb522f067db752372f8e99ef241e0d28e3b53b5

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
12-12-2024 17:30

Target

newuimatrix.exe
Size

6.8MB
MD5

1f0ef7065d5324a06fb79a1a66f46998
SHA1

1b9199f4f92072cfd017b83080414f7e094fe61e
SHA256

ee2fc679b80508debc11666306c0b11eb38cdb437ae93aa22cc67f8be014b709
SHA512

5c0a160d0c262b88a9cbe9d820f38831715cc4329aa7c47c77792029d14f3e61ef13dbfa5b485824e5067390143906db11600433dcc050f54d81fd7b3b64358e
SSDEEP

196608:1rWEV1pB6ylnlPzf+JiJCsmFMvNn6hVvTA:DBRlnlPSa7mmvN+rA

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2720	newuimatrix.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001878e-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 692 wrote to memory of 2720	692	newuimatrix.exe	30
PID 692 wrote to memory of 2720	692	newuimatrix.exe	30
PID 692 wrote to memory of 2720	692	newuimatrix.exe	30

C:\Users\Admin\AppData\Local\Temp\newuimatrix.exe
"C:\Users\Admin\AppData\Local\Temp\newuimatrix.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:692
- C:\Users\Admin\AppData\Local\Temp\newuimatrix.exe
  "C:\Users\Admin\AppData\Local\Temp\newuimatrix.exe"
  2⤵
  - Loads dropped DLL
  PID:2720

C:\Users\Admin\AppData\Local\Temp\_MEI6922\python311.dll

Filesize
1.6MB

MD5
1e76961ca11f929e4213fca8272d0194

SHA1
e52763b7ba970c3b14554065f8c2404112f53596

SHA256
8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0

SHA512
ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b

Download Submit
memory/2720-23-0x000007FEF58B0000-0x000007FEF5E9A000-memory.dmp

Filesize
5.9MB

Download