0a066e9d3adf9fb2c8fe85358a8544c9a2828d8775a9d9fb54ea455c17941102

Analysis

max time kernel
14s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16-12-2024 02:42

Target

liarsbar/liarsbar/LBM menu/liarsbar.exe
Size

8.5MB
MD5

5836f099f60cb240e246889d2ef83276
SHA1

e5ced89c7af9e148e1e7fff41b2a975b95eb8be3
SHA256

8ca3bb4c2a4a906094f8d17303464c3deba88f7aa2d1e8ffc82053f2332f10eb
SHA512

8137565b6c77ea05d64f9be5fba291a3bb7f8aaaf07779a7e7da576c6044515ac72b25c931d9d2bbebf98f17bf63bae3c7aa6139e752138ddb67f87c4b17171c
SSDEEP

196608:GREbGXVnICteEroXxCzlxZV3Gu5D4S267ygEGPt2CS3sj8kg7UKvD:+EmInEroX414S2D7qcb7pb

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
1904	liarsbar.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 1904	2428	liarsbar.exe	30
PID 2428 wrote to memory of 1904	2428	liarsbar.exe	30
PID 2428 wrote to memory of 1904	2428	liarsbar.exe	30

C:\Users\Admin\AppData\Local\Temp\liarsbar\liarsbar\LBM menu\liarsbar.exe
"C:\Users\Admin\AppData\Local\Temp\liarsbar\liarsbar\LBM menu\liarsbar.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Users\Admin\AppData\Local\Temp\liarsbar\liarsbar\LBM menu\liarsbar.exe
  "C:\Users\Admin\AppData\Local\Temp\liarsbar\liarsbar\LBM menu\liarsbar.exe"
  2⤵
  - Loads dropped DLL
  PID:1904

C:\Users\Admin\AppData\Local\Temp\_MEI24282\python310.dll

Filesize
4.2MB

MD5
384349987b60775d6fc3a6d202c3e1bd

SHA1
701cb80c55f859ad4a31c53aa744a00d61e467e5

SHA256
f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8

SHA512
6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5

Download Submit