74d22af19aadd2c8815ae14d2d5f6cc93c21259e16248902237649af1b52e0d0

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/02/2025, 19:35

Target

CertReq.exe
Size

6.1MB
MD5

14fa9c4afae8b74cbd549f5a1cde0ee8
SHA1

04b7fbd26e03f716b77c9515d9764598921c642b
SHA256

74d22af19aadd2c8815ae14d2d5f6cc93c21259e16248902237649af1b52e0d0
SHA512

c70ef4ad961368bb800c8d0b1a19275e46a0bd996e6164d3f606abb23518e46f2d249ae11f66f9a9b4b64132b4cd71425325f47e2492703d84204affee1e78bf
SSDEEP

196608:hgwYQHceNtx+yAiWfR0FHpdot7sl5nH+7YRb:+w777QfR0xpWsTH+7qb

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2736	CertReq.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00050000000192f0-21.dat	upx
behavioral1/memory/2736-23-0x000007FEF5400000-0x000007FEF586F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 2736	2696	CertReq.exe	31
PID 2696 wrote to memory of 2736	2696	CertReq.exe	31
PID 2696 wrote to memory of 2736	2696	CertReq.exe	31

C:\Users\Admin\AppData\Local\Temp\CertReq.exe
"C:\Users\Admin\AppData\Local\Temp\CertReq.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Users\Admin\AppData\Local\Temp\CertReq.exe
  "C:\Users\Admin\AppData\Local\Temp\CertReq.exe"
  2⤵
  - Loads dropped DLL
  PID:2736

C:\Users\Admin\AppData\Local\Temp\_MEI26962\python310.dll

Filesize
1.5MB

MD5
524803ed4bb517a735f6bc14faf68f0b

SHA1
88e81ff595883906d3926c1838ae2c99c6c8dd93

SHA256
01cc48571b829447e13de958de42eb7e085290c313803d7e6c52ef1c4b3674c2

SHA512
03833a8c3c2ed722684c7ca4e7764fdcb0164fbab11af3161e68feb5e23c93bb0b19eca8717f23f5e0a06a7ccb2b47f2bb42c562b42d1a707af3fa876b70a885

Download Submit
memory/2736-23-0x000007FEF5400000-0x000007FEF586F000-memory.dmp

Filesize
4.4MB

Download