381902f4b710d5a7e7b11d8505d6db77cf4262efbd21fca8549810ec12868a38

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 04:25

Target

Deadrippersetup.exe
Size

35.4MB
MD5

d76b363c0f1fb16dc0cba3ed0629f281
SHA1

1893f55e29f09a28cdfe81c416ff63ac4f6c4b12
SHA256

381902f4b710d5a7e7b11d8505d6db77cf4262efbd21fca8549810ec12868a38
SHA512

7569caaa782f79fb11719cb22fd46ed00ea8a6527b32099b67ae6345d14c63e4e0d66ce6daf2fa0f163791993298c7a9f06d2708ff178fba59abe410ccab1f8f
SSDEEP

786432:7DGEdVl8Zml0W8ywm1N9ewO7zcY87Wkzl70XtGPfWqvdJZO4CyE:7Eml0W9wmpUE7WkzlA9G3W4dJZO4/

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2744	Deadrippersetup.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020a81-1158.dat	upx
behavioral1/memory/2744-1160-0x000007FEF63D0000-0x000007FEF683E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2744	2172	Deadrippersetup.exe	31
PID 2172 wrote to memory of 2744	2172	Deadrippersetup.exe	31
PID 2172 wrote to memory of 2744	2172	Deadrippersetup.exe	31

C:\Users\Admin\AppData\Local\Temp\Deadrippersetup.exe
"C:\Users\Admin\AppData\Local\Temp\Deadrippersetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Users\Admin\AppData\Local\Temp\Deadrippersetup.exe
  "C:\Users\Admin\AppData\Local\Temp\Deadrippersetup.exe"
  2⤵
  - Loads dropped DLL
  PID:2744

C:\Users\Admin\AppData\Local\Temp\_MEI21722\python310.dll

Filesize
1.4MB

MD5
701e2e5d0826f378a53dc5c83164c741

SHA1
62725dbee8546a7c9751679669c4aeb829bcb5a7

SHA256
9db7ebafff20370df1ae6fc5ee98962e03fcfc02ec47abed28802191f6750dd2

SHA512
df30dfba245a64f72bcf8c478d94a9902797493ce25f266fa04a0b67ad7887c8f9253404c0425285342ae771c8a44ae414887447f14d76c696f7902933367f1f

Download Submit
memory/2744-1160-0x000007FEF63D0000-0x000007FEF683E000-memory.dmp

Filesize
4.4MB

Download
memory/2744-1161-0x000007FEF63D0000-0x000007FEF683E000-memory.dmp

Filesize
4.4MB

Download