17a23d57f73e55cd7e491dc484e7d4ce613cfa157810aa50f786941424bc29e7

Analysis

max time kernel
2s
max time network
3s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 17:58

Target

Scorpix-ExecutorV3.1.exe
Size

63.1MB
MD5

c0c4d06bd71a789eb8f4a979e6cc619a
SHA1

0e360884f80849fd704335979561413b1c0d09b2
SHA256

17a23d57f73e55cd7e491dc484e7d4ce613cfa157810aa50f786941424bc29e7
SHA512

1098734fed057b6f9f8475b00fed4e03864b63f02a937ad0725d92ecf680ee527966168defe60b491c6f0ac3fc4f31bdbdc8644d3dd1a393a052e69801c88e6e
SSDEEP

1572864:D/Q5QqMrlpA+Ql4NnJ7W0MVvIswqrS5nNxG:D/QyklERW0MVvpwL

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
620	Scorpix-ExecutorV3.1.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020816-737.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 620	3008	Scorpix-ExecutorV3.1.exe	28
PID 3008 wrote to memory of 620	3008	Scorpix-ExecutorV3.1.exe	28
PID 3008 wrote to memory of 620	3008	Scorpix-ExecutorV3.1.exe	28

C:\Users\Admin\AppData\Local\Temp\Scorpix-ExecutorV3.1.exe
"C:\Users\Admin\AppData\Local\Temp\Scorpix-ExecutorV3.1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Users\Admin\AppData\Local\Temp\Scorpix-ExecutorV3.1.exe
  "C:\Users\Admin\AppData\Local\Temp\Scorpix-ExecutorV3.1.exe"
  2⤵
  - Loads dropped DLL
  PID:620

C:\Users\Admin\AppData\Local\Temp\_MEI30082\python311.dll

Filesize
1.6MB

MD5
4fcf14c7837f8b127156b8a558db0bb2

SHA1
8de2711d00bef7b5f2dcf8a2c6871fa1db67cf1f

SHA256
a67df621a383f4ce5a408e0debe3ebc49ffc766d6a1d6d9a7942120b8ec054dc

SHA512
7a6195495b48f66c35b273a2c9d7ff59e96a4180ea8503f31c8b131167c6cdddd8d6fe77388a34096964a73c85eab504281a14ae3d05350cfee5c51d2491cec8

Download Submit
memory/620-739-0x000007FEF5AF0000-0x000007FEF60D8000-memory.dmp

Filesize
5.9MB

Download