89ae1787bf8c29a39d15478d2e65b7b11e721e09040d6644ef06aa6b7a20258b

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 20:32

Target

main.exe
Size

7.5MB
MD5

ed396e0891a07137d1149fd63beb9d84
SHA1

a5405cca502fbf7840a88053f5c0d2a6aea287f7
SHA256

89ae1787bf8c29a39d15478d2e65b7b11e721e09040d6644ef06aa6b7a20258b
SHA512

a54525d957c4ab0f1130e9ec834b309db7c4d7a23496296a77825b0c05a95a9a5fad1ee5339bfbe0aa1184cee665c80e08b6d3452f97575eda559f3c85002dd2
SSDEEP

196608:E9hhOmurErvI9pWjg/Qc+4o673pNrabeSyzWtPMYnNcsI:k1urEUWjZZ4dDLIehzWtPTNzI

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2708	main.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001964b-21.dat	upx
behavioral1/memory/2708-23-0x000007FEF6140000-0x000007FEF6805000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2708	2176	main.exe	30
PID 2176 wrote to memory of 2708	2176	main.exe	30
PID 2176 wrote to memory of 2708	2176	main.exe	30

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Local\Temp\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Loads dropped DLL
  PID:2708

C:\Users\Admin\AppData\Local\Temp\_MEI21762\python312.dll

Filesize
1.7MB

MD5
eb02b8268d6ea28db0ea71bfe24b15d6

SHA1
86f723fcc4583d7d2bd59ca2749d4b3952cd65a5

SHA256
80222651a93099a906be55044024d32e93b841c83554359d6e605d50d11e2e70

SHA512
693bbc3c896ad3c6044c832597f946c778e6c6192def3d662803e330209ec1c68d8d33bd82978279ae66b264a892a366183dcef9a3a777e0a6ee450a928268e2

Download Submit
memory/2708-23-0x000007FEF6140000-0x000007FEF6805000-memory.dmp

Filesize
6.8MB

Download