f5627b2e36bff1bf291a4bee7481dbf96b9f43c709e7d95ad42c58af36860b6e

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
04-01-2025 13:37

Target

hotfix.exe
Size

7.4MB
MD5

a2271e54b0c19f1efdba770dccee0128
SHA1

6b3ff7d411df91cfc0f4a356eae6c1f407b2b8dd
SHA256

f5627b2e36bff1bf291a4bee7481dbf96b9f43c709e7d95ad42c58af36860b6e
SHA512

04840f8cabbadd75ebea0ae0e948551985f335c552cfdc78c8c81e8ecab690df76641414e53b4c05702e067cbf21985fddc04b4e63ec858c887bc8ccd52891ff
SSDEEP

196608:MITurErvI9pWjgyvoaYrE41JIuIwoOdhe:hTurEUWjdo/H1JzoChe

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1096	hotfix.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00050000000195ca-21.dat	upx
behavioral1/memory/1096-23-0x000007FEF5F60000-0x000007FEF6550000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 1096	2368	hotfix.exe	30
PID 2368 wrote to memory of 1096	2368	hotfix.exe	30
PID 2368 wrote to memory of 1096	2368	hotfix.exe	30

C:\Users\Admin\AppData\Local\Temp\hotfix.exe
"C:\Users\Admin\AppData\Local\Temp\hotfix.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Users\Admin\AppData\Local\Temp\hotfix.exe
  "C:\Users\Admin\AppData\Local\Temp\hotfix.exe"
  2⤵
  - Loads dropped DLL
  PID:1096

C:\Users\Admin\AppData\Local\Temp\_MEI23682\python311.dll

Filesize
1.6MB

MD5
b167b98fc5c89d65cb1fa8df31c5de13

SHA1
3a6597007f572ea09ed233d813462e80e14c5444

SHA256
28eda3ba32f5247c1a7bd2777ead982c24175765c4e2c1c28a0ef708079f2c76

SHA512
40a1f5cd2af7e7c28d4c8e327310ea1982478a9f6d300950c7372634df0d9ad840f3c64fe35cc01db4c798bd153b210c0a8472ae0898bebf8cf9c25dd3638de8

Download Submit
memory/1096-23-0x000007FEF5F60000-0x000007FEF6550000-memory.dmp

Filesize
5.9MB

Download