aa41d8a0368f4747dda329118f3a21fda3a44952b50fe99d9703e9c96b3af18a

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-12-2024 17:09

Target

VixenCracked.exe
Size

7.5MB
MD5

e3c32def05a39be3271b7d14776558a3
SHA1

2de4929daa3bea639dea1a6dac393ce94af8eb2e
SHA256

aa41d8a0368f4747dda329118f3a21fda3a44952b50fe99d9703e9c96b3af18a
SHA512

1417d1480f72ab25e8ecbb055951044ca2746d81e0733131bcc464699bd9f746f73409927841af019ae22d0a7890665b0e6a11165cfffef8e4b0e7c6c5a46490
SSDEEP

196608:qcgFuwfI9jUC2gYBYv3vbW5+iITm1U6ft:YFFIH2gYBgDW4TOzV

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2812	VixenCracked.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00050000000195a9-21.dat	upx
behavioral1/memory/2812-23-0x000007FEF5C00000-0x000007FEF62C5000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2812	2268	VixenCracked.exe	31
PID 2268 wrote to memory of 2812	2268	VixenCracked.exe	31
PID 2268 wrote to memory of 2812	2268	VixenCracked.exe	31

C:\Users\Admin\AppData\Local\Temp\VixenCracked.exe
"C:\Users\Admin\AppData\Local\Temp\VixenCracked.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Users\Admin\AppData\Local\Temp\VixenCracked.exe
  "C:\Users\Admin\AppData\Local\Temp\VixenCracked.exe"
  2⤵
  - Loads dropped DLL
  PID:2812

C:\Users\Admin\AppData\Local\Temp\_MEI22682\python312.dll

Filesize
1.7MB

MD5
6f7c42579f6c2b45fe866747127aef09

SHA1
b9487372fe3ed61022e52cc8dbd37e6640e87723

SHA256
07642b6a3d99ce88cff790087ac4e2ba0b2da1100cf1897f36e096427b580ee5

SHA512
aadf06fd6b4e14f600b0a614001b8c31e42d71801adec7c9c177dcbb4956e27617fa45ba477260a7e06d2ca4979ed5acc60311258427ee085e8025b61452acec

Download Submit
memory/2812-23-0x000007FEF5C00000-0x000007FEF62C5000-memory.dmp

Filesize
6.8MB

Download