4c260966a4ec1f7b53cd4802b66f14db5e5ebd657bb327c68522f67d345c7e5f

Analysis

max time kernel
1563s
max time network
1568s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 21:47

Target

DIDDY.exe
Size

75.4MB
MD5

71fa5e05dbb785dc82ed7623d5aa7614
SHA1

e5cd78249d87b2b2a8f8d9a8071bf907a8d2bb86
SHA256

4c260966a4ec1f7b53cd4802b66f14db5e5ebd657bb327c68522f67d345c7e5f
SHA512

6dff154ee19df4772a0b6f905f54d4d2445840f5bd56428a451bf14155fe460d9c029e7d765a00bc515911874a6420ec590353df1e5a900619698a4087226aec
SSDEEP

1572864:UvhQ6l8LSk8IpG7V+VPhqIbE7WTylPj4iY4MHHLeqPNLtDaSWtvZLkI9Q:Uvh1iLSkB05awIxTy5nMHVLteSkWIa

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

DIDDY.exe

pid process

2852 DIDDY.exe
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

C:\Users\Admin\AppData\Local\Temp\_MEI24242\python310.dll upx
behavioral1/memory/2852-1263-0x000007FEF6510000-0x000007FEF697E000-memory.dmp upx
Suspicious use of WriteProcessMemory 3 IoCs

Processes:

DIDDY.exe

description pid process target process

PID 2424 wrote to memory of 2852 2424 DIDDY.exe DIDDY.exe
PID 2424 wrote to memory of 2852 2424 DIDDY.exe DIDDY.exe
PID 2424 wrote to memory of 2852 2424 DIDDY.exe DIDDY.exe

pid	process
2852	DIDDY.exe

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI24242\python310.dll	upx
behavioral1/memory/2852-1263-0x000007FEF6510000-0x000007FEF697E000-memory.dmp	upx

description	pid	process	target process
PID 2424 wrote to memory of 2852	2424	DIDDY.exe	DIDDY.exe
PID 2424 wrote to memory of 2852	2424	DIDDY.exe	DIDDY.exe
PID 2424 wrote to memory of 2852	2424	DIDDY.exe	DIDDY.exe

C:\Users\Admin\AppData\Local\Temp\DIDDY.exe
"C:\Users\Admin\AppData\Local\Temp\DIDDY.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2424

C:\Users\Admin\AppData\Local\Temp\DIDDY.exe
"C:\Users\Admin\AppData\Local\Temp\DIDDY.exe"
2⤵
- Loads dropped DLL
PID:2852

C:\Users\Admin\AppData\Local\Temp\_MEI24242\python310.dll
Filesize
1.4MB

MD5
933b49da4d229294aad0c6a805ad2d71

SHA1
9828e3ce504151c2f933173ef810202d405510a4

SHA256
ab3e996db016ba87004a3c4227313a86919ff6195eb4b03ac1ce523f126f2206

SHA512
6023188f3b412dd12c2d4f3a8e279dcace945b6e24e1f6bbd4e49a5d2939528620ceb9a5f77b9a47d2d0454e472e2999240b81bed0239e7e400a4e25c96e1165

Download Submit
memory/2852-1263-0x000007FEF6510000-0x000007FEF697E000-memory.dmp

Filesize
4.4MB

Download