e60d698a088c4637eacdf70a04653c6d232440d90930ae0b3f72d4bcb01c4f0a

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-12-2024 01:07

Target

stealer.exe
Size

5.9MB
MD5

4b404daa8d1f29d86c6873799066808d
SHA1

6c9d1a5f9b4792e71c278e5f9af3e80f8eef4fbc
SHA256

e60d698a088c4637eacdf70a04653c6d232440d90930ae0b3f72d4bcb01c4f0a
SHA512

dd01797b32e74b145bbbcf93b937980920daf0eec4d0b1982f4cadcf3f58a6beb24e1d54639af8176ed53a103deb542cc2806e79f7ac1fed25275d8c4c2b1fea
SSDEEP

98304:aREEtdFBCCuamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RhOuAKMenmrv+:aBFIC3eN/FJMIDJf0gsAGK4RkuAKMTrG

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2448	stealer.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019515-21.dat	upx
behavioral1/memory/2448-23-0x000007FEF6150000-0x000007FEF65BE000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 2448	2484	stealer.exe	30
PID 2484 wrote to memory of 2448	2484	stealer.exe	30
PID 2484 wrote to memory of 2448	2484	stealer.exe	30

C:\Users\Admin\AppData\Local\Temp\stealer.exe
"C:\Users\Admin\AppData\Local\Temp\stealer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Users\Admin\AppData\Local\Temp\stealer.exe
  "C:\Users\Admin\AppData\Local\Temp\stealer.exe"
  2⤵
  - Loads dropped DLL
  PID:2448

C:\Users\Admin\AppData\Local\Temp\_MEI24842\python310.dll

Filesize
1.4MB

MD5
178a0f45fde7db40c238f1340a0c0ec0

SHA1
dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

SHA256
9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

SHA512
4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

Download Submit
memory/2448-23-0x000007FEF6150000-0x000007FEF65BE000-memory.dmp

Filesize
4.4MB

Download