4461c776b98997d20667083d19db07e892884b42410a3a4a2272a4559319d83d

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
21-12-2024 17:45

Target

ARK gen v4.exe
Size

5.9MB
MD5

3ffe9096a09d9945254115d93d22fe69
SHA1

ca12c68e82bbd5a656c817eaf46bf17da0a0689a
SHA256

de83827afad4b125b56f60826cd83c4c0f699e6454d4869e74a7fba4874e04f8
SHA512

c54a576ce877215f14150bc0fe69913f99bb2e807d5c21bffddc5a91bfd7e2a76f32a39a07c7df5cbd03f13145b241a60f5b55bec1a1e3a2ea97a914cfc4f617
SSDEEP

98304:mkDe7pzfmt8MMhJMjarCtaCObO/OH9KkqQz4W1kgeDgFM713eMWOL:mhNzfB6yA+KO0WRti7/WOL

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2836	ARK gen v4.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019926-21.dat	upx
behavioral1/memory/2836-23-0x000007FEF6940000-0x000007FEF6DA6000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 2836	1656	ARK gen v4.exe	30
PID 1656 wrote to memory of 2836	1656	ARK gen v4.exe	30
PID 1656 wrote to memory of 2836	1656	ARK gen v4.exe	30

C:\Users\Admin\AppData\Local\Temp\ARK gen v4.exe
"C:\Users\Admin\AppData\Local\Temp\ARK gen v4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Users\Admin\AppData\Local\Temp\ARK gen v4.exe
  "C:\Users\Admin\AppData\Local\Temp\ARK gen v4.exe"
  2⤵
  - Loads dropped DLL
  PID:2836

C:\Users\Admin\AppData\Local\Temp\_MEI16562\python310.dll

Filesize
1.4MB

MD5
3f782cf7874b03c1d20ed90d370f4329

SHA1
08a2b4a21092321de1dcad1bb2afb660b0fa7749

SHA256
2a382aff16533054e6de7d13b837a24d97ea2957805730cc7b08b75e369f58d6

SHA512
950c039eb23ed64ca8b2f0a9284ebdb6f0efe71dde5bbf0187357a66c3ab0823418edca34811650270eea967f0e541eece90132f9959d5ba5984405630a99857

Download Submit
memory/2836-23-0x000007FEF6940000-0x000007FEF6DA6000-memory.dmp

Filesize
4.4MB

Download