e443fc596e951b82a800ebebf6d8ceb73c8ebd49d79e27891e7fe0e03d9eae59

Analysis

max time kernel
48s
max time network
16s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 14:29

Target

Loader.exe
Size

52.6MB
MD5

b37c85a609a3a9927fb52a185ba1ea4e
SHA1

1cab5544c2c0e7eeeb7bec84c7a83fd2a9739914
SHA256

e443fc596e951b82a800ebebf6d8ceb73c8ebd49d79e27891e7fe0e03d9eae59
SHA512

2f58378573e8c90db68153ac3f1315636089c445dfb6405995e3d3f18923656e8381a201d051fa717942a9e18b3d33b77cb53929276491c87e8ea3524a332761
SSDEEP

1572864:HSwHnqf3Gd6xdnj+YV5sz4+wE7fzqre0KAx:HSOnyo6VVN+poVx

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1248	Loader.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0004000000020664-705.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 1248	1860	Loader.exe	28
PID 1860 wrote to memory of 1248	1860	Loader.exe	28
PID 1860 wrote to memory of 1248	1860	Loader.exe	28

C:\Users\Admin\AppData\Local\Temp\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Users\Admin\AppData\Local\Temp\Loader.exe
  "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
  2⤵
  - Loads dropped DLL
  PID:1248

C:\Users\Admin\AppData\Local\Temp\_MEI18602\python312.dll

Filesize
1.8MB

MD5
8adc0fbbbb68a93dfe96fe708c132b91

SHA1
51c0fcdbe7014ee9598ad60e636ac1b8b6e43752

SHA256
ec1c02b311abaa35dc81154eae43574dca0659d0e491e60dc48da424703de0e3

SHA512
edd81400def1dc96982402ae1ffae61de36d13bf156f298b46aca1191cede10e3a6df5d0a8437ef4a0ac9d750f287f74fe41bda9d405ccffc5ad32d46ff8cc16

Download Submit
memory/1248-707-0x000007FEF63D0000-0x000007FEF6AA8000-memory.dmp

Filesize
6.8MB

Download