9c1997cdded3bccb53ffa04d623eb2cefda3e8072e08015e7baadc6133cb1048

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-12-2024 06:18

Target

BronHWIDSpoofer.exe
Size

10.8MB
MD5

91523abe0b195e2a1005b0febd08b396
SHA1

d7a1523d089072fe18b0aecfcd7bd43bec92eb2d
SHA256

9c1997cdded3bccb53ffa04d623eb2cefda3e8072e08015e7baadc6133cb1048
SHA512

7e5b9c83c2f15a63d98794cad5be855d1e8732560a84f759abc76663d3af3c62779d5e51c6710bb364ac2834cc1d6d72dcdd885cfa509c770a552c4a8bdfee12
SSDEEP

196608:DomcINKAggiivNm1E8giq1g9mveNo+wfm/pf+xfdkR+QLxK3r2WOHWKD3beH:kmcIDqi1m1Nqao+9/pWFGR+c03r2W670

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2528	BronHWIDSpoofer.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00050000000193c1-46.dat	upx
behavioral1/memory/2528-48-0x000007FEF59E0000-0x000007FEF5FC8000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 2528	1716	BronHWIDSpoofer.exe	28
PID 1716 wrote to memory of 2528	1716	BronHWIDSpoofer.exe	28
PID 1716 wrote to memory of 2528	1716	BronHWIDSpoofer.exe	28

C:\Users\Admin\AppData\Local\Temp\BronHWIDSpoofer.exe
"C:\Users\Admin\AppData\Local\Temp\BronHWIDSpoofer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Users\Admin\AppData\Local\Temp\BronHWIDSpoofer.exe
  "C:\Users\Admin\AppData\Local\Temp\BronHWIDSpoofer.exe"
  2⤵
  - Loads dropped DLL
  PID:2528

C:\Users\Admin\AppData\Local\Temp\_MEI17162\python311.dll

Filesize
1.6MB

MD5
db09c9bbec6134db1766d369c339a0a1

SHA1
c156d9f2d0e80b4cf41794cd9b8b1e8a352e0a0b

SHA256
b1aac1e461174bbae952434e4dac092590d72b9832a04457c94bd9bb7ee8ad79

SHA512
653a7fff6a2b6bffb9ea2c0b72ddb83c9c53d555e798eea47101b0d932358180a01af2b9dab9c27723057439c1eaffb8d84b9b41f6f9cd1c3c934f1794104d45

Download Submit
memory/2528-48-0x000007FEF59E0000-0x000007FEF5FC8000-memory.dmp

Filesize
5.9MB

Download