dd02390d21f48b13d30d58d70b3ccd620f860403210aa951b1b78f4659ae8059

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 03:29

Target

Tz Cracked.exe
Size

6.0MB
MD5

5e7273135dead19a1c3d7c2b15daf8f8
SHA1

dfb0a32fa64be616f16f0ffb2127fb6529c04d35
SHA256

dd02390d21f48b13d30d58d70b3ccd620f860403210aa951b1b78f4659ae8059
SHA512

c89ab3bde670e5b7b575bd0cbb55f48d9ea377d7a9b4a98720d2148b8cc7f50af242615ce48eadcfab4ed7475fa2701a3bc1bece6b8fb8a8103677daf72bcf1a
SSDEEP

196608:DaFjZIeN/FJMIDJf0gsAGK4RakRgW1EYC:m/Fqyf0gstakObT

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2732	Tz Cracked.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0006000000015f71-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2732	2132	Tz Cracked.exe	28
PID 2132 wrote to memory of 2732	2132	Tz Cracked.exe	28
PID 2132 wrote to memory of 2732	2132	Tz Cracked.exe	28

C:\Users\Admin\AppData\Local\Temp\Tz Cracked.exe
"C:\Users\Admin\AppData\Local\Temp\Tz Cracked.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Users\Admin\AppData\Local\Temp\Tz Cracked.exe
  "C:\Users\Admin\AppData\Local\Temp\Tz Cracked.exe"
  2⤵
  - Loads dropped DLL
  PID:2732

C:\Users\Admin\AppData\Local\Temp\_MEI21322\python310.dll

Filesize
1.4MB

MD5
178a0f45fde7db40c238f1340a0c0ec0

SHA1
dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

SHA256
9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

SHA512
4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

Download Submit
memory/2732-23-0x000007FEF68E0000-0x000007FEF6D4E000-memory.dmp

Filesize
4.4MB

Download