d282f2906445857b9795c6e67b3897e0e30bf6302d876f54ad5a3cd874e20202

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
14-12-2024 06:07

Target

DA-EX.exe
Size

5.9MB
MD5

35e367c32f350da0eb07355405e9055c
SHA1

7ca83be4b4cca9e5c9c284166f6a7461c9b6601c
SHA256

d282f2906445857b9795c6e67b3897e0e30bf6302d876f54ad5a3cd874e20202
SHA512

b4671906cd67ff232b492f9f6ab5f398d4c6ebb43ebdd181904bb2cee82b4362b33aeb52271cdc1d386be7d79b4de5db64bd82f24dedc9f144e9e04e427f709d
SSDEEP

98304:l5EtdFBGrHwamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RQOuAKHCZG+G:lYFErHReN/FJMIDJf0gsAGK4RbuAKHxv

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2776	DA-EX.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000018686-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 2776	2612	DA-EX.exe	30
PID 2612 wrote to memory of 2776	2612	DA-EX.exe	30
PID 2612 wrote to memory of 2776	2612	DA-EX.exe	30

C:\Users\Admin\AppData\Local\Temp\DA-EX.exe
"C:\Users\Admin\AppData\Local\Temp\DA-EX.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Users\Admin\AppData\Local\Temp\DA-EX.exe
  "C:\Users\Admin\AppData\Local\Temp\DA-EX.exe"
  2⤵
  - Loads dropped DLL
  PID:2776

C:\Users\Admin\AppData\Local\Temp\_MEI26122\python310.dll

Filesize
1.4MB

MD5
178a0f45fde7db40c238f1340a0c0ec0

SHA1
dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

SHA256
9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

SHA512
4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

Download Submit
memory/2776-23-0x000007FEF69C0000-0x000007FEF6E2E000-memory.dmp

Filesize
4.4MB

Download