71fee025e3825e8edd5b36132d504c8bd4ac384625c943e29119a8c09bbfac7a

Resubmissions

03-02-2025 03:00

03-02-2025 00:30

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-02-2025 00:30

Target

first.exe
Size

84.9MB
MD5

9c453a9712b9219abc49c8aaa6c5a6d5
SHA1

6f84482f802b0ee48e59fe44da855b7e7ce7546e
SHA256

71fee025e3825e8edd5b36132d504c8bd4ac384625c943e29119a8c09bbfac7a
SHA512

df146bc2cd2e105fc9ab87c265403308abd84817f6c8b2261d40b84a78e42c38ba6f804588c932bd58a91b892ffb2d32844559947124b8bf4f53a36cf8247713
SSDEEP

1572864:CTPGULSiukfhLhyPlzwnGKlbWjdsm/OkiqOv8im2AzJE74blicRVPw/:CTjLSiuIhLhy9cGKRcsm/OknOv8i3mHu

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2836	first.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020c15-1281.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2836	2364	first.exe	30
PID 2364 wrote to memory of 2836	2364	first.exe	30
PID 2364 wrote to memory of 2836	2364	first.exe	30

C:\Users\Admin\AppData\Local\Temp\first.exe
"C:\Users\Admin\AppData\Local\Temp\first.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Users\Admin\AppData\Local\Temp\first.exe
  "C:\Users\Admin\AppData\Local\Temp\first.exe"
  2⤵
  - Loads dropped DLL
  PID:2836

C:\Users\Admin\AppData\Local\Temp\_MEI23642\python311.dll

Filesize
1.6MB

MD5
87b5d21226d74f069b5ae8fb74743236

SHA1
153651a542db095d0f9088a97351b90d02b307ac

SHA256
3cac88119657daef7f79844aeb9da79b45c1f3bb2ea3468b0d4ed26067852194

SHA512
788bb26b3f4ce99a2b49eef2742972fe843bdd97d361a6e67237f29376648ea6f874f1f6ba6dd53c74ef51a29e650a02fb99dfc30b5badfa9d2e05491f81d7d6

Download Submit
memory/2836-1283-0x000007FEF53C0000-0x000007FEF59A8000-memory.dmp

Filesize
5.9MB

Download