1cbf6cf57cd8f9cff968a1500fd2709d07be36565d535be3fbec5b0259de6e12

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/02/2025, 17:01

Target

ApexClient.exe
Size

5.9MB
MD5

1597f3168119e47ea081aa54d67259c8
SHA1

f58f61faa230cae5c12eefb6c1be314dd5623872
SHA256

1cbf6cf57cd8f9cff968a1500fd2709d07be36565d535be3fbec5b0259de6e12
SHA512

d3f53cc37f377ba13f6c7d841e1a99b20292a791fd3c53266d816214d5525f328542f8c5bb632a7803204a9f93bbb047be2ca8ad62251c4d8376016be37a1801
SSDEEP

98304:rQ+WCSApi65sn6Wfz7pnxCjJaWlpx1dstaNoSwKHf1c3z5MOueAeFW9hbkrNGsUt:rDmArDOYjJlpZstQoS9Hf12VKXZbbCMR

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2224	ApexClient.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000018792-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 2224	1160	ApexClient.exe	31
PID 1160 wrote to memory of 2224	1160	ApexClient.exe	31
PID 1160 wrote to memory of 2224	1160	ApexClient.exe	31

C:\Users\Admin\AppData\Local\Temp\ApexClient.exe
"C:\Users\Admin\AppData\Local\Temp\ApexClient.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Users\Admin\AppData\Local\Temp\ApexClient.exe
  "C:\Users\Admin\AppData\Local\Temp\ApexClient.exe"
  2⤵
  - Loads dropped DLL
  PID:2224

C:\Users\Admin\AppData\Local\Temp\_MEI11602\python310.dll

Filesize
1.4MB

MD5
b93eda8cc111a5bde906505224b717c3

SHA1
5f1ae1ab1a3c4c023ea8138d4b09cbc1cd8e8f9e

SHA256
efa27cd726dbf3bf2448476a993dc0d5ffb0264032bf83a72295ab3fc5bcd983

SHA512
b20195930967b4dc9f60c15d9ceae4d577b00095f07bd93aa4f292b94a2e5601d605659e95d5168c1c2d85dc87a54d27775f8f20ebcacf56904e4aa30f1affba

Download Submit
memory/2224-23-0x000007FEF6500000-0x000007FEF6965000-memory.dmp

Filesize
4.4MB

Download