5af50e7089b4259a365ea246802bfc3b0c86baf3d2c0c0e9d73e8e966d1588d7

Analysis

max time kernel
20s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24/03/2025, 17:19

Target

GiftcardGen.exe
Size

7.7MB
MD5

f5af07e70e0fc5e0edb2d58ae5117a6a
SHA1

cb92b482a5c5736ea73309930e8529f4e1556aa2
SHA256

f2d0eb0e4b29165a46d533f9bc5733d318aae5e9a8b325ef5fc9dbcb8b296b00
SHA512

199b39ab61c96a15101bea5998aab840ded3a4098a746c5fab2dcf177759053ddf96df5b8eada5de72aa35d3b93d994259f94da0515431f6d775aabc6ec671de
SSDEEP

196608:hWWx06+AjwfI9jUCD6rlaZLH7qRGrGIYUoZy8FUsOnAoG:YfIH20drLYRZjoG

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
3004	GiftcardGen.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000d00000001866e-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 3004	2788	GiftcardGen.exe	30
PID 2788 wrote to memory of 3004	2788	GiftcardGen.exe	30
PID 2788 wrote to memory of 3004	2788	GiftcardGen.exe	30

C:\Users\Admin\AppData\Local\Temp\GiftcardGen.exe
"C:\Users\Admin\AppData\Local\Temp\GiftcardGen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Users\Admin\AppData\Local\Temp\GiftcardGen.exe
  "C:\Users\Admin\AppData\Local\Temp\GiftcardGen.exe"
  2⤵
  - Loads dropped DLL
  PID:3004

C:\Users\Admin\AppData\Local\Temp\_MEI27882\python313.dll

Filesize
1.8MB

MD5
2a4aad7818d527bbea76e9e81077cc21

SHA1
4db3b39874c01bf3ba1ab8659957bbc28aab1ab2

SHA256
4712a6bb81b862fc292fcd857cef931ca8e4c142e70eaa4fd7a8d0a96aff5e7e

SHA512
d10631b7fc25a8b9cc038514e9db1597cec0580ee34a56ce5cfc5a33e7010b5e1df7f15ec30ebb351356e2b815528fb4161956f26b5bfaf3dce7bc6701b79c68

Download Submit
memory/3004-23-0x000007FEF5E00000-0x000007FEF6464000-memory.dmp

Filesize
6.4MB

Download