6f6109c626ace179bf754e5e27c7f2f2168503c1f7ba1d44346e8be9be1e58fa

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-01-2025 15:05

Target

.net.exe
Size

20.0MB
MD5

28f25e18733f88820fef41c6d34dfcbb
SHA1

490587f9bc871206e303efcbebb3746bd7561737
SHA256

6f6109c626ace179bf754e5e27c7f2f2168503c1f7ba1d44346e8be9be1e58fa
SHA512

f1df90cf3e9306d87cdf6c0a6d2edfb39996a89789ddf6b7174bffacc2a87fb931e8d91a8641ec9b19a4f545217d8182a106706bfdc00d2d8cc44717f8f40ac2
SSDEEP

196608:dXV1vOxB6ylnlPzf+JiJCsmFMvQn6hqgdhQ:FuBRlnlPSa7mmvQpgdhQ

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2204	.net.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00050000000194ae-21.dat	upx
behavioral1/memory/2204-23-0x000007FEF5920000-0x000007FEF5F0A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 2204	1160	.net.exe	31
PID 1160 wrote to memory of 2204	1160	.net.exe	31
PID 1160 wrote to memory of 2204	1160	.net.exe	31

C:\Users\Admin\AppData\Local\Temp\.net.exe
"C:\Users\Admin\AppData\Local\Temp\.net.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Users\Admin\AppData\Local\Temp\.net.exe
  "C:\Users\Admin\AppData\Local\Temp\.net.exe"
  2⤵
  - Loads dropped DLL
  PID:2204

C:\Users\Admin\AppData\Local\Temp\_MEI11602\python311.dll

Filesize
1.6MB

MD5
1e76961ca11f929e4213fca8272d0194

SHA1
e52763b7ba970c3b14554065f8c2404112f53596

SHA256
8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0

SHA512
ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b

Download Submit
memory/2204-23-0x000007FEF5920000-0x000007FEF5F0A000-memory.dmp

Filesize
5.9MB

Download