cc5428bae6618b177dab013b8fedce5c389e72850a6fd2af9e20112743f6859b

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/12/2024, 12:33

Target

kovaks.exe
Size

7.4MB
MD5

6873f30c0eba5250298b8cff4cae3219
SHA1

3d469ef32cf575ad30b49e37fb361d05f7a9f228
SHA256

cc5428bae6618b177dab013b8fedce5c389e72850a6fd2af9e20112743f6859b
SHA512

140d31205fd6032f4936b3016fb3e641a93f34fa43d23db10e0cf2dd5ed5ea10819ca9b373eae1059b642d687e0e302fd172949b5f06bfb61cd2f6344875360f
SSDEEP

98304:cbSibq7LA45urErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4E4TEGAuThA:cOMJwurErvI9pWjgfPvzm6gsFE4Th9y

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1740	kovaks.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019275-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 1740	540	kovaks.exe	31
PID 540 wrote to memory of 1740	540	kovaks.exe	31
PID 540 wrote to memory of 1740	540	kovaks.exe	31

C:\Users\Admin\AppData\Local\Temp\kovaks.exe
"C:\Users\Admin\AppData\Local\Temp\kovaks.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:540
- C:\Users\Admin\AppData\Local\Temp\kovaks.exe
  "C:\Users\Admin\AppData\Local\Temp\kovaks.exe"
  2⤵
  - Loads dropped DLL
  PID:1740

C:\Users\Admin\AppData\Local\Temp\_MEI5402\python311.dll

Filesize
1.6MB

MD5
ccdbd8027f165575a66245f8e9d140de

SHA1
d91786422ce1f1ad35c528d1c4cd28b753a81550

SHA256
503cd34daed4f6d320731b368bbd940dbac1ff7003321a47d81d81d199cca971

SHA512
870b54e4468db682b669887aeef1ffe496f3f69b219bda2405ac502d2dcd67b6542db6190ea6774abf1db5a7db429ce8f6d2fc5e88363569f15cf4df78da2311

Download Submit
memory/1740-23-0x000007FEF5A10000-0x000007FEF6002000-memory.dmp

Filesize
5.9MB

Download