656eb4d10487e855a11b88e487b887e88f8d3540f14c6a08869e83f8c2d5e13f

Analysis

max time kernel
21s
max time network
17s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
08-01-2025 00:54

Target

Mozilla Firefox/firefox.exe
Size

7.7MB
MD5

fb6cfadcb6f8c942d0e08e3132e2d4b4
SHA1

f2f1c3c305b38dc820da77ef1bc744df7b96f6be
SHA256

4309afefeaff92ac85c54b6940b62c9ec342909eb45263520f053bff28c7217a
SHA512

22292be72b3251aadd91a103d15dd1e1ab119d82decabbd3fa7cf9dda359b9ad3e99727d678892e35805b88bed11766d68268ffc22b5ff259f6ad2e8cd0f561b
SSDEEP

196608:fDD+kdTwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWF:r5+IHL7HmBYXrYoaUNq

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2652	firefox.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral9/files/0x000500000001a4cd-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 2652	2880	firefox.exe	30
PID 2880 wrote to memory of 2652	2880	firefox.exe	30
PID 2880 wrote to memory of 2652	2880	firefox.exe	30

C:\Users\Admin\AppData\Local\Temp\Mozilla Firefox\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Users\Admin\AppData\Local\Temp\Mozilla Firefox\firefox.exe
  "C:\Users\Admin\AppData\Local\Temp\Mozilla Firefox\firefox.exe"
  2⤵
  - Loads dropped DLL
  PID:2652

C:\Users\Admin\AppData\Local\Temp\_MEI28802\python313.dll

Filesize
1.8MB

MD5
9a3d3ae5745a79d276b05a85aea02549

SHA1
a5e60cac2ca606df4f7646d052a9c0ea813e7636

SHA256
09693bab682495b01de8a24c435ca5900e11d2d0f4f0807dae278b3a94770889

SHA512
46840b820ee3c0fa511596124eb364da993ec7ae1670843a15afd40ac63f2c61846434be84d191bd53f7f5f4e17fad549795822bb2b9c792ac22a1c26e5adf69

Download Submit
memory/2652-23-0x000007FEF58C0000-0x000007FEF5F25000-memory.dmp

Filesize
6.4MB

Download