458b300e8bb22a7d899cf12fc117038023fd4d5ef9b414b58131fe62ae36db56

Analysis

max time kernel
840s
max time network
844s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
06-01-2025 18:54

Target

MoonHub.exe
Size

75.8MB
MD5

705fc6f99cec956a00170c3669f4a66d
SHA1

64231e0c9fd76168ebec88750da8ce1e8a577452
SHA256

458b300e8bb22a7d899cf12fc117038023fd4d5ef9b414b58131fe62ae36db56
SHA512

f75345bd15fd7b58b12f0ec6c8dee1c7b8626425b0cb474c186e4a99924406f08fb6ebe0ed114a180fa362478c6b83864498198594cb4883c28cb71842fff47c
SSDEEP

1572864:cbVlDzW0omcSk8IpG7V+VPhqSvE7WxelKiYiY4MHHLeqPNLtDbZ5ZmJ485N:cpBpomcSkB05awStxeMi7MHVLtPZ5pW

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2368	MoonHub.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020a40-1265.dat	upx
behavioral1/memory/2368-1267-0x000007FEF6680000-0x000007FEF6AEE000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 2368	2152	MoonHub.exe	30
PID 2152 wrote to memory of 2368	2152	MoonHub.exe	30
PID 2152 wrote to memory of 2368	2152	MoonHub.exe	30

C:\Users\Admin\AppData\Local\Temp\MoonHub.exe
"C:\Users\Admin\AppData\Local\Temp\MoonHub.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Users\Admin\AppData\Local\Temp\MoonHub.exe
  "C:\Users\Admin\AppData\Local\Temp\MoonHub.exe"
  2⤵
  - Loads dropped DLL
  PID:2368

C:\Users\Admin\AppData\Local\Temp\_MEI21522\python310.dll

Filesize
1.4MB

MD5
01988415e8fb076dcb4a0d0639b680d9

SHA1
91b40cffcfc892924ed59dc0664c527ff9d3f69c

SHA256
b101db1ddd659b8d8ffd8b26422fde848d5b7846e0c236f051fadb9412de6e24

SHA512
eab0c3ca4578751a671beb3da650b5e971a79798deb77472e42f43aa2bea7434ad5228a8fddbfff051ce05054dbf3422d418f42c80bc3640e0e4f43a0cf2ebbe

Download Submit
memory/2368-1267-0x000007FEF6680000-0x000007FEF6AEE000-memory.dmp

Filesize
4.4MB

Download