2bc3c65fae825cb4d7c1e34a579fe6aed5aef201db251649ce16e7cf13dcf7c2

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 18:16

Target

LOGGED.exe
Size

74.0MB
MD5

cf6fb14c4dcb8a424d3154953a86fdf7
SHA1

d181373763516d4ada6bc1a4bf7b88cfed0032a9
SHA256

2bc3c65fae825cb4d7c1e34a579fe6aed5aef201db251649ce16e7cf13dcf7c2
SHA512

c3f4d52efc5bd723b109dd7ad832130d64b8367bb7a57e6f6ccba0e4351b3e1dc2199bb6bca26852a5f1c776191d0bcb0f9c671fe87f2448915c96b0d3de8c74
SSDEEP

1572864:/QwYC+7xMkRCtQkTMT2Zr9yre77nD0CpbeQ/KZYlctCqkFj23tWoG8g2cnr5:/306kkQkTyCAS/DrbSQctXkFj29UbJr5

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

LOGGED.exe

pid process

2216 LOGGED.exe

pid	process
2216	LOGGED.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

LOGGED.exe

description	pid	process	target process
PID 2848 wrote to memory of 2216	2848	LOGGED.exe	LOGGED.exe
PID 2848 wrote to memory of 2216	2848	LOGGED.exe	LOGGED.exe
PID 2848 wrote to memory of 2216	2848	LOGGED.exe	LOGGED.exe

C:\Users\Admin\AppData\Local\Temp\LOGGED.exe
"C:\Users\Admin\AppData\Local\Temp\LOGGED.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2848

C:\Users\Admin\AppData\Local\Temp\LOGGED.exe
"C:\Users\Admin\AppData\Local\Temp\LOGGED.exe"
2⤵
- Loads dropped DLL
PID:2216

C:\Users\Admin\AppData\Local\Temp\_MEI28482\python311.dll
Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit