3046f37940ea9df7c118e89edd80b1903a49bced1986195d0fb9356f368479c6

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09-01-2025 16:47

Target

Ez.exe
Size

5.8MB
MD5

988710d51a3c1b137dadffb2aa1d4bbd
SHA1

dd5399d7a78b8c6c73496cfc8aee9c55ac557ec9
SHA256

3046f37940ea9df7c118e89edd80b1903a49bced1986195d0fb9356f368479c6
SHA512

9f13eb8e3d9a0f8a7941232e5183141cd4b0973ae965d53f2ea2faeae203be638c222d6bab44a66f17f2e7267de2166af47cda99c0f10bdac101ca38684439f0
SSDEEP

98304:VtIu4+Dc0dR/JamaHl3Ne4i3gDUZnhhM7M+yvFaW9cIzaF6ARwDtyDe2HEMCx43Z:4p+DXR/EeNoInY7/sHfbRy9fC5mDQTI

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2752	Ez.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0006000000019232-21.dat	upx
behavioral1/memory/2752-23-0x000007FEF56F0000-0x000007FEF5B5E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2752	2248	Ez.exe	31
PID 2248 wrote to memory of 2752	2248	Ez.exe	31
PID 2248 wrote to memory of 2752	2248	Ez.exe	31

C:\Users\Admin\AppData\Local\Temp\Ez.exe
"C:\Users\Admin\AppData\Local\Temp\Ez.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Users\Admin\AppData\Local\Temp\Ez.exe
  "C:\Users\Admin\AppData\Local\Temp\Ez.exe"
  2⤵
  - Loads dropped DLL
  PID:2752

C:\Users\Admin\AppData\Local\Temp\_MEI22482\python310.dll

Filesize
1.4MB

MD5
01988415e8fb076dcb4a0d0639b680d9

SHA1
91b40cffcfc892924ed59dc0664c527ff9d3f69c

SHA256
b101db1ddd659b8d8ffd8b26422fde848d5b7846e0c236f051fadb9412de6e24

SHA512
eab0c3ca4578751a671beb3da650b5e971a79798deb77472e42f43aa2bea7434ad5228a8fddbfff051ce05054dbf3422d418f42c80bc3640e0e4f43a0cf2ebbe

Download Submit
memory/2248-45-0x000000013FFA0000-0x000000013FFC7000-memory.dmp

Filesize
156KB

Download
memory/2752-23-0x000007FEF56F0000-0x000007FEF5B5E000-memory.dmp

Filesize
4.4MB

Download
memory/2752-24-0x000000013FFA0000-0x000000013FFC7000-memory.dmp

Filesize
156KB

Download