66954378817928c48d4296a2b7bb60e7a899a5a18529b43cf35a64196e3ed754

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 21:59

Target

$RPAIWC9.exe
Size

18.9MB
MD5

b68a3093e0f77802255c0c21ab540b7b
SHA1

762d66d54be02964d5e8ab4dc2695d66fe484c6a
SHA256

66954378817928c48d4296a2b7bb60e7a899a5a18529b43cf35a64196e3ed754
SHA512

4ff87677faf9903c86d9cbfc73e5972b88a922682797e358c83b916aa5681b0063e2c748076c1b3f6f9b99e169da4c0fd8cefc3e3c7b2c6203edba647a953a4c
SSDEEP

393216:3xAlniYXPu8BRq/m3pznlPSF3VqevE8LzdChd1lr:OliYXP5qKznlEqescsl

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

$RPAIWC9.exe

pid process

2952 $RPAIWC9.exe
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

C:\Users\Admin\AppData\Local\Temp\_MEI16522\python311.dll upx
behavioral1/memory/2952-104-0x000007FEF58C0000-0x000007FEF5EAA000-memory.dmp upx

pid	process
2952	$RPAIWC9.exe

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI16522\python311.dll	upx
behavioral1/memory/2952-104-0x000007FEF58C0000-0x000007FEF5EAA000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

$RPAIWC9.exe

description	pid	process	target process
PID 1652 wrote to memory of 2952	1652	$RPAIWC9.exe	$RPAIWC9.exe
PID 1652 wrote to memory of 2952	1652	$RPAIWC9.exe	$RPAIWC9.exe
PID 1652 wrote to memory of 2952	1652	$RPAIWC9.exe	$RPAIWC9.exe

C:\Users\Admin\AppData\Local\Temp\$RPAIWC9.exe
"C:\Users\Admin\AppData\Local\Temp\$RPAIWC9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1652

C:\Users\Admin\AppData\Local\Temp\$RPAIWC9.exe
"C:\Users\Admin\AppData\Local\Temp\$RPAIWC9.exe"
2⤵
- Loads dropped DLL
PID:2952

C:\Users\Admin\AppData\Local\Temp\_MEI16522\python311.dll
Filesize
1.6MB

MD5
53b1a9474ddc3a31adf72011dc8da780

SHA1
36f476d318acca6a12d3625b02cb14ab19534db7

SHA256
357e545f47b605682328566a8df692dc22e4ea2ab37686788c3416b3813addc7

SHA512
290c070eaf324476bfda676fc547ee42479a239b11192b654604862d53de1f1752a2f1b212dc15b3a22787a6469d6ec22ced98b7bb7d5f7c618602bbd12b7881

Download Submit
memory/2952-104-0x000007FEF58C0000-0x000007FEF5EAA000-memory.dmp

Filesize
5.9MB

Download