7e7597691235f0ff8a8df29ee3e54ea7a69b43b4ef727adf511e7aec749dc68a

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-01-2025 01:52

Target

rename_me_before.exe
Size

11.3MB
MD5

8b8040d5875e4c41ed5091f92021a16b
SHA1

4ebb7b91e64a7193b61a0e1405847ed13563f7d5
SHA256

7e7597691235f0ff8a8df29ee3e54ea7a69b43b4ef727adf511e7aec749dc68a
SHA512

4703f8ad9543f2aa47a1c964e13c7bad48a593284d53baac3581d6b584e63cad5c88afe6aca2c8f2c708369e757b2cd150b95247c01bfd8b58d6915fed524a7a
SSDEEP

196608:AUC1IYDEmmtSBLjv+bhqNVobZ1Uh8mAIv9P5jQ1KJEaKOlx:TC+OEZtSZL+9qzGZeII3MCCOlx

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2780	rename_me_before.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019f6e-46.dat	upx
behavioral1/memory/2780-48-0x000007FEF5A90000-0x000007FEF6079000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 2780	1316	rename_me_before.exe	30
PID 1316 wrote to memory of 2780	1316	rename_me_before.exe	30
PID 1316 wrote to memory of 2780	1316	rename_me_before.exe	30

C:\Users\Admin\AppData\Local\Temp\rename_me_before.exe
"C:\Users\Admin\AppData\Local\Temp\rename_me_before.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Users\Admin\AppData\Local\Temp\rename_me_before.exe
  "C:\Users\Admin\AppData\Local\Temp\rename_me_before.exe"
  2⤵
  - Loads dropped DLL
  PID:2780

C:\Users\Admin\AppData\Local\Temp\_MEI13162\python311.dll

Filesize
1.6MB

MD5
affa456007f359e9f8c5d2931d966cb9

SHA1
9b06d6cb7d7f1a7c2fa9e7f62d339b9f2813e80f

SHA256
4bab2e402a02c8b2b0542246d9ef54027a739121b4b0760f08cd2e7c643ed866

SHA512
7c357f43dd272e1d595ccde87c13fd2cdf4123b20af6855576bfba15afd814a95886cebbe96bb7781b916f9db3c3ee02d381036ddbf62095de3ee43a7f94d156

Download Submit
memory/2780-48-0x000007FEF5A90000-0x000007FEF6079000-memory.dmp

Filesize
5.9MB

Download