f9114c8acb294c73aa930a8247bbb69bd0f4b59554809d781060465958983d73

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/07/2024, 13:39

Target

Scorpix.exe
Size

68.6MB
MD5

ea6f4cf47e323f4f107e3dcb7b71ff67
SHA1

3ec17c0baf516f6466e0d4d79a408e9e3ef5bf91
SHA256

f9114c8acb294c73aa930a8247bbb69bd0f4b59554809d781060465958983d73
SHA512

c7f9104535d9accfdbff802337d17617aa1ceb267cfe0b85e1911c727acfcfbde35d5ab1d7f426cf788b71851f3d8476ce92294fcf4160119cbd812f750fbdc7
SSDEEP

1572864:WBpMrpXMJX606xXNhA6/xzcfbDKPu1JdQ5UVS1XLNu0Ck:kMNMJX/apcXkuRdVgok

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
792	Scorpix.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019571-22.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 792	3028	Scorpix.exe	30
PID 3028 wrote to memory of 792	3028	Scorpix.exe	30
PID 3028 wrote to memory of 792	3028	Scorpix.exe	30

C:\Users\Admin\AppData\Local\Temp\Scorpix.exe
"C:\Users\Admin\AppData\Local\Temp\Scorpix.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Users\Admin\AppData\Local\Temp\Scorpix.exe
  "C:\Users\Admin\AppData\Local\Temp\Scorpix.exe"
  2⤵
  - Loads dropped DLL
  PID:792

C:\Users\Admin\AppData\Local\Temp\_MEI30282\python310.dll

Filesize
1.4MB

MD5
76cb307e13fbbfb9e466458300da9052

SHA1
577f0029ac8c2dd64d6602917b7a26bcc2b27d2b

SHA256
95066c06d9ed165f0b6f34079ed917df1111bd681991f96952d9ee35d37dc615

SHA512
f15b17215057433d88f1a8e05c723a480b4f8bc56d42185c67bb29a192f435f54345aa0f6d827bd291e53c46a950f2e01151c28b084b7478044bd44009eced8f

Download Submit
memory/792-24-0x000007FEF6210000-0x000007FEF667E000-memory.dmp

Filesize
4.4MB

Download