10bf2019e3d2932957027a5caac24a04424ec014f87e08eefd53ae85176c70e9

Analysis

max time kernel
14s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
11-01-2025 02:02

Target

KashBeams.exe
Size

7.5MB
MD5

309098a7fec40953d398abfd44794952
SHA1

031947e64a71a5ff9c5589c6cddcb26742cfd7c6
SHA256

10bf2019e3d2932957027a5caac24a04424ec014f87e08eefd53ae85176c70e9
SHA512

2567ca1482ecf65eb7aab2e50274b87999fc8c5add37fcfc2a259df323a5761178b326dd240e1446a906eb7a8f739dbf0118d61ac72a9f85b78224736523b34f
SSDEEP

196608:7qLjv+bhqNVoBLD7fEXEoYbiIv9pvvk9fIiZ1jT:KL+9qz8LD7fEUbiIqQgpT

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2888	KashBeams.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a438-21.dat	upx
behavioral1/memory/2888-23-0x000007FEF5E30000-0x000007FEF6500000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2888	3000	KashBeams.exe	30
PID 3000 wrote to memory of 2888	3000	KashBeams.exe	30
PID 3000 wrote to memory of 2888	3000	KashBeams.exe	30

C:\Users\Admin\AppData\Local\Temp\KashBeams.exe
"C:\Users\Admin\AppData\Local\Temp\KashBeams.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Users\Admin\AppData\Local\Temp\KashBeams.exe
  "C:\Users\Admin\AppData\Local\Temp\KashBeams.exe"
  2⤵
  - Loads dropped DLL
  PID:2888

C:\Users\Admin\AppData\Local\Temp\_MEI30002\python312.dll

Filesize
1.7MB

MD5
86d9b8b15b0340d6ec235e980c05c3be

SHA1
a03bdd45215a0381dcb3b22408dbc1f564661c73

SHA256
12dbbcd67015d6cdb680752184107b7deb84e906b0e8e860385f85d33858a5f6

SHA512
d360cc3f00d90fd04cbba09d879e2826968df0c1fdc44890c60b8450fe028c3e767450c3543c62d4f284fb7e004a9a33c52538c2279221ee6cbdb1a9485f88b2

Download Submit
memory/2888-23-0x000007FEF5E30000-0x000007FEF6500000-memory.dmp

Filesize
6.8MB

Download