05266a1e82541f3908c2acdb6596791f842c4f483546e89cd52c22bb67a3f0f5

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-12-2024 09:01

Target

AQUA PREMIUM Spoof.exe
Size

5.9MB
MD5

47911cfecd3dcd8b505235dd9b187992
SHA1

9c874cead1208b3b77f0ae535d07522629e6e676
SHA256

3aac1ef0cd3825fbb753199f1fe31430f4aba354cc4fb8e7db74b63ac8f7efdf
SHA512

cac06ffeb06e83c2e0a4c98512dde8292c2800a35a4653621e6cdd2877293381ebf7f773456974b4181838e98916ff9a6c6d5ec2ec145398cfddbb2668889eec
SSDEEP

98304:V2De7pzWqe8MMhJMjarCtaCObO/OH9KkqQz4W1kgeDtFMai3lMmg8N:VzNzWKB6yA+KO0WR4iarmg8N

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2640	AQUA PREMIUM Spoof.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019dd7-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 2640	1624	AQUA PREMIUM Spoof.exe	31
PID 1624 wrote to memory of 2640	1624	AQUA PREMIUM Spoof.exe	31
PID 1624 wrote to memory of 2640	1624	AQUA PREMIUM Spoof.exe	31

C:\Users\Admin\AppData\Local\Temp\AQUA PREMIUM Spoof.exe
"C:\Users\Admin\AppData\Local\Temp\AQUA PREMIUM Spoof.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Users\Admin\AppData\Local\Temp\AQUA PREMIUM Spoof.exe
  "C:\Users\Admin\AppData\Local\Temp\AQUA PREMIUM Spoof.exe"
  2⤵
  - Loads dropped DLL
  PID:2640

C:\Users\Admin\AppData\Local\Temp\_MEI16242\python310.dll

Filesize
1.4MB

MD5
3f782cf7874b03c1d20ed90d370f4329

SHA1
08a2b4a21092321de1dcad1bb2afb660b0fa7749

SHA256
2a382aff16533054e6de7d13b837a24d97ea2957805730cc7b08b75e369f58d6

SHA512
950c039eb23ed64ca8b2f0a9284ebdb6f0efe71dde5bbf0187357a66c3ab0823418edca34811650270eea967f0e541eece90132f9959d5ba5984405630a99857

Download Submit
memory/2640-23-0x000007FEF5960000-0x000007FEF5DC6000-memory.dmp

Filesize
4.4MB

Download