5deb8f3ed733f1d73547bcd154f37f5cf991912f3bf7c6575dca700ea7c37b52

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31-01-2025 11:01

Target

H2BOTNET.exe
Size

5.9MB
MD5

6121d9793742fd2ffbc985d0dad01a58
SHA1

27fb444e6f7f838a02ee0d88fe111ca6b53faf03
SHA256

5deb8f3ed733f1d73547bcd154f37f5cf991912f3bf7c6575dca700ea7c37b52
SHA512

40cd64c1bda206579a7c52cb269750d641b388efd719f6f1a03134a2f33e9b28774cf89a38673ace5ca47d0b5904ef83802f2d7d2dede088a9dd0bfcb39c6e6a
SSDEEP

98304:OVDe7pzWqi8MMhJMjarCtaCObO/OH9KkqQz4W1kgeDbFM6+3RM55eE:OwNzW4B6yA+KO0WRqi6955eE

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2388	H2BOTNET.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2388-23-0x000007FEF6360000-0x000007FEF67C6000-memory.dmp	upx
behavioral1/files/0x0005000000019228-22.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1588 wrote to memory of 2388	1588	H2BOTNET.exe	30
PID 1588 wrote to memory of 2388	1588	H2BOTNET.exe	30
PID 1588 wrote to memory of 2388	1588	H2BOTNET.exe	30

C:\Users\Admin\AppData\Local\Temp\H2BOTNET.exe
"C:\Users\Admin\AppData\Local\Temp\H2BOTNET.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1588
- C:\Users\Admin\AppData\Local\Temp\H2BOTNET.exe
  "C:\Users\Admin\AppData\Local\Temp\H2BOTNET.exe"
  2⤵
  - Loads dropped DLL
  PID:2388

\Users\Admin\AppData\Local\Temp\_MEI15882\python310.dll

Filesize
1.4MB

MD5
3f782cf7874b03c1d20ed90d370f4329

SHA1
08a2b4a21092321de1dcad1bb2afb660b0fa7749

SHA256
2a382aff16533054e6de7d13b837a24d97ea2957805730cc7b08b75e369f58d6

SHA512
950c039eb23ed64ca8b2f0a9284ebdb6f0efe71dde5bbf0187357a66c3ab0823418edca34811650270eea967f0e541eece90132f9959d5ba5984405630a99857

Download Submit
memory/2388-23-0x000007FEF6360000-0x000007FEF67C6000-memory.dmp

Filesize
4.4MB

Download