87b774f3210ce1ab79531cf3e39e8d13d0f90412e70c49d66400c996a36d57ce

Analysis

max time kernel
1s
max time network
1s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-02-2025 04:48

Target

trigger bot.exe
Size

24.5MB
MD5

3c04d21641b0a4328af9d730640686dd
SHA1

8cee6d77df0319f4afa07bc5266ef99c7bc332e3
SHA256

87b774f3210ce1ab79531cf3e39e8d13d0f90412e70c49d66400c996a36d57ce
SHA512

9639466109020d293b8b501ab554075daa337e8f89138ab5d642f0b07d494bf3cac3ad363547ae12bee135021283da24fe130b112497fd8818fef2f5e6cbe835
SSDEEP

393216:ZB42L62LqCeYw5OtW8KovSiIZA0dfY8so9L/gmiVOdlVJIe:zoowIW8KuqflsoN/FRlVWe

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
3044	trigger bot.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00030000000208ba-1098.dat	upx
behavioral1/memory/3044-1100-0x000007FEF57B0000-0x000007FEF5E14000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 3044	2732	trigger bot.exe	30
PID 2732 wrote to memory of 3044	2732	trigger bot.exe	30
PID 2732 wrote to memory of 3044	2732	trigger bot.exe	30

C:\Users\Admin\AppData\Local\Temp\trigger bot.exe
"C:\Users\Admin\AppData\Local\Temp\trigger bot.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Users\Admin\AppData\Local\Temp\trigger bot.exe
  "C:\Users\Admin\AppData\Local\Temp\trigger bot.exe"
  2⤵
  - Loads dropped DLL
  PID:3044

C:\Users\Admin\AppData\Local\Temp\_MEI27322\python313.dll

Filesize
1.8MB

MD5
6b3a16dc31065257b7845d9ff611e3c6

SHA1
8cf971ee772193a93e49f4701f817bc6245cf81c

SHA256
3cdc6a436aa16671deb975af8290654a134bb916299677a08438fc7e91e6f7e6

SHA512
1d219471032c882b2e624ec1df951f6a59ee8ba39459d8eb917aaeec6899d0af6782580a5dc43ed1bbe852587c52bea32ba93ea195940335e2a19cc120c53aec

Download Submit
memory/3044-1100-0x000007FEF57B0000-0x000007FEF5E14000-memory.dmp

Filesize
6.4MB

Download