b2b8a75939a8dab98ded0bb79406bdfa7a6f4161b6d907fac880c4d75f2b13a2

Analysis

max time kernel
9s
max time network
1s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/03/2025, 18:30

Target

Grabber.exe
Size

17.1MB
MD5

3b309140a92fb2c59e7caecfa8fac9b0
SHA1

4bb33ee47de73b6e97a81b89955eca198e3d41be
SHA256

b2b8a75939a8dab98ded0bb79406bdfa7a6f4161b6d907fac880c4d75f2b13a2
SHA512

675df964502d38ce485bfa210b7b1913aaadedc6c02186ddb306b7fbed881cf8514405874d9753aa04b5d4af5f8615e438e0f8f3f4adcf172307fef3793e6ed3
SSDEEP

196608:/7/lOqPns3VjCu1iOjmFp00sKYu/PaQnliuim59IzPqzQKJ8P9qfFC/wzYPOqffN:IqPns359K6Qlli2cPqzt8Fwzd06dAL

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1644	Grabber.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a443-92.dat	upx
behavioral1/memory/1644-94-0x000007FEF5B20000-0x000007FEF6109000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 1644	1692	Grabber.exe	30
PID 1692 wrote to memory of 1644	1692	Grabber.exe	30
PID 1692 wrote to memory of 1644	1692	Grabber.exe	30

C:\Users\Admin\AppData\Local\Temp\Grabber.exe
"C:\Users\Admin\AppData\Local\Temp\Grabber.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Users\Admin\AppData\Local\Temp\Grabber.exe
  "C:\Users\Admin\AppData\Local\Temp\Grabber.exe"
  2⤵
  - Loads dropped DLL
  PID:1644

C:\Users\Admin\AppData\Local\Temp\_MEI16922\python311.dll

Filesize
1.6MB

MD5
2c66bb80a338271ef2a8b7fd3d5e55dd

SHA1
1ae43206ccc5c897b345ecb574ced926caf24fd1

SHA256
65270474a91c2b20ab8f1ed3f8fbc4c19516157b6997be0e084ccfcce9298ced

SHA512
df9d6a01660c9390e98f13829d3178d576542ca46b8ead5f00fa6832ca571a745939c75288a552db5a22221c68477cc0e23084e102d6f5b47b36d98b23da988b

Download Submit
memory/1644-94-0x000007FEF5B20000-0x000007FEF6109000-memory.dmp

Filesize
5.9MB

Download