0febdcc57349da7a79710b6cf65c7d6c73dfaeaad3ff7bafb73b936a7e222b4a

Analysis

max time kernel
363s
max time network
364s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-01-2025 21:29

Target

LaSInject/LaSInject.exe
Size

6.9MB
MD5

b00cc9195c7f6c078ee86baa3275ead3
SHA1

0c5e32dbf11ed61bfdec3ad321f83c8e66224520
SHA256

ed361180fb612d5ae7a8eeab2d8d0a1657bd8bbed655fb43418bbffb080ac13b
SHA512

80327efe6b98253edccf69df53b8ac432c390f3c2b040e117c4c4ba9b13a90adc4c16bbcd2b8333328bd8bc847f1f4f423e241a446bed9b2e006697e11bd81a8
SSDEEP

196608:G1V1vFddB6ylnlPzf+JiJCsmFMvQn6hqgdh0:6FnBRlnlPSa7mmvQpgdh0

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
936	LaSInject.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001952f-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 936	764	LaSInject.exe	31
PID 764 wrote to memory of 936	764	LaSInject.exe	31
PID 764 wrote to memory of 936	764	LaSInject.exe	31

C:\Users\Admin\AppData\Local\Temp\LaSInject\LaSInject.exe
"C:\Users\Admin\AppData\Local\Temp\LaSInject\LaSInject.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:764
- C:\Users\Admin\AppData\Local\Temp\LaSInject\LaSInject.exe
  "C:\Users\Admin\AppData\Local\Temp\LaSInject\LaSInject.exe"
  2⤵
  - Loads dropped DLL
  PID:936

C:\Users\Admin\AppData\Local\Temp\_MEI7642\python311.dll

Filesize
1.6MB

MD5
1e76961ca11f929e4213fca8272d0194

SHA1
e52763b7ba970c3b14554065f8c2404112f53596

SHA256
8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0

SHA512
ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b

Download Submit
memory/936-23-0x000007FEF5C00000-0x000007FEF61EA000-memory.dmp

Filesize
5.9MB

Download