Analysis

  • max time kernel
    45s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-07-2024 21:13

General

  • Target

    source_prepared.exe

  • Size

    57.0MB

  • MD5

    9cae439b56996a369ba211c4bd3d7dab

  • SHA1

    166c685f9ec5e35027dc247b6fe0c0d2fba927b5

  • SHA256

    fa7bff5b29ffd67c5303693b6ad6a8c1902806bc0d83309f7ae6d9a4e8aee000

  • SHA512

    43cb184b9621ef6c08c186610681fcf9aac46d5408281865842646458089d0e75419af93ebfac8ee13b6146eef41651e933ec90bc7b60900596034b792f26287

  • SSDEEP

    1572864:JvxZQglq7vaSk8IpG7V+VPhqYdfCE70lgvWDLDxo:JvxZx0eSkB05awcfAevYfO

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
    "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
      "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
      2⤵
      • Loads dropped DLL
      PID:2852
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:984
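
The process tree above (the sample re-launching itself from the same path, the parent touching the child with WriteProcessMemory, and the child loading python311.dll, ucrtbase.dll and api-ms-win-* stubs out of a `_MEI27642` temp directory) is the pattern of a PyInstaller onefile bootloader unpacking its embedded Python runtime, and the "UPX packed file" signature says the outer executable was additionally UPX-compressed. The following is an added triage helper, not code from the sandbox or from the sample: a dependency-free PE section-table parser that flags stock UPX section names, plus a scan for the PyInstaller CArchive cookie magic. The `build_sample` function constructs a minimal, non-executable PE64 header purely so the script runs offline; the section layout and overlay in it are constructed test data, not bytes taken from source_prepared.exe.

```python
import struct

# PyInstaller onefile bootloaders carry a CArchive "cookie" in the overlay that
# starts with this 8-byte magic; its presence is a cheap PyInstaller indicator.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Section names written by stock UPX. Modified UPX builds often rename these,
# so a miss here does not prove the file is unpacked.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def pe_section_names(data: bytes) -> list[str]:
    """Minimal PE parser: DOS header -> PE signature -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine(2) NumberOfSections(2) ... SizeOfOptionalHeader(2) at +16
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes; Name is the first 8
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def classify(data: bytes) -> dict:
    """Return section names plus UPX / PyInstaller indicators for one PE image."""
    names = pe_section_names(data)
    return {
        "sections": names,
        "upx": any(n in UPX_SECTION_NAMES for n in names),
        "pyinstaller": PYINSTALLER_MAGIC in data,
    }


def build_sample(section_names: list[bytes], overlay: bytes = b"") -> bytes:
    """Construct a minimal, non-executable PE64 header (constructed test data only)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xF0  # size of a PE32+ optional header
    # Machine=AMD64, NumberOfSections, three zeroed fields, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, opt_size, 0x22)
    opt = struct.pack("<H", 0x20B) + b"\0" * (opt_size - 2)  # PE32+ magic, rest zeroed
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections + overlay


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(classify(f.read()))
    else:
        packed = build_sample([b"UPX0", b"UPX1", b".rsrc"],
                              overlay=PYINSTALLER_MAGIC + b"\0" * 16)
        print(classify(packed))
```

Run it with a file path to classify a real sample, or with no arguments to see it classify the constructed header. UPX preserves an executable's overlay when it compresses the sections, so the cookie scan still fires on a UPX-packed onefile binary; the section-name check, by contrast, is defeated by a modified UPX that renames UPX0/UPX1, which is why the sandbox signature covers "modified UPX" with additional features rather than names alone.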

    Network

    MITRE ATT&CK Matrix

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-file-l1-2-0.dll

      Filesize

      22KB

      MD5

      b6e10e946a9ffe298894b24155548a1e

      SHA1

      d897a5f8f94dfbafb8ec0710c0dedb17da10c06b

      SHA256

      d94f51335c1f7aaaf454dbfcce422684ea48802fa3945aa9c50950a1fd55c4e7

      SHA512

      f51358456a6e4ea45edb4b4df431c6c5dd8d75016820b11728fbce9061fc416dc259832b1791af3d730001c8deb7e6927385f871d564307219b245907a4c8919

    • C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-file-l2-1-0.dll

      Filesize

      22KB

      MD5

      94b256ae14a2a6ddbdb4dfb63fe4d30f

      SHA1

      7b28d8f1f5aa4af9c441182240c9816352468f3e

      SHA256

      c3e98b8663ab64fdcb2111a5174967f46b49e399c9e98083a18b4defd53f806c

      SHA512

      bd271eac8df6dd79be135f8e04bc08b00474cddc8cb06ad59a9715842f6c05e5dcf4b0c05e241309a940b882369bc19bc9eb38580221f62bba7e06cc39b1cfa6

    • C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-localization-l1-2-0.dll

      Filesize

      22KB

      MD5

      90e7f757acd89e70b45e7481bab6afbe

      SHA1

      493069d3f582aa9d90a7fd90c5c86a8a6a78cd86

      SHA256

      ccc6a3980b5c29005d74f7d5d96eb64f072e182f7bd626013a09cb99f69f7b13

      SHA512

      6c80a27badc8b26859a70665ce5db024d5dd5a67acf18af93efaf667fa6ac7a497a5805972b024447988f6b64f04bad1ac824e3fb2ebfe62f8e8c07051110461

    • C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-processthreads-l1-1-1.dll

      Filesize

      22KB

      MD5

      177f2560d03ed5d87edd2d6af76bc4fd

      SHA1

      448ca149f314709aab2e7f950dde6a467e746c10

      SHA256

      ff3ba56841b02443f428e2715de19f9d655b22ecbbae940b140ac765a69b62f1

      SHA512

      f68becc6a4ceadfa91515f1b00c0538f8c2697f9d28684d7b5df8b47f5529dd10c33ec0955b50e3830a12cd70f3602e0df1ddfec79fb3f531c11df1425848573

    • C:\Users\Admin\AppData\Local\Temp\_MEI27642\python311.dll

      Filesize

      1.6MB

      MD5

      548809b87186356c7ac6421562015915

      SHA1

      8fa683eed7f916302c2eb1a548c12118bea414fa

      SHA256

      6c65da37cf6464507ad9d187a34f5b5d61544b83d831547642d17c01852599a1

      SHA512

      c0b63bf9908e23457cf6c2551219c7951bc1a164f3a585cde750b244fa628753ee43fde35f2aa76223fd9f90cf5ea582241ab510f7373a247eae0b26817198fc

    • C:\Users\Admin\AppData\Local\Temp\_MEI27642\ucrtbase.dll

      Filesize

      1.1MB

      MD5

      a48348dec40d63a4dd77de952344f1c7

      SHA1

      a92bf2cddfdba52b663c39f16b94f08324403d1d

      SHA256

      1c502e581d72edbd2fbdbdb2fe21077c3c3a46a7549585960a85fdb93c612295

      SHA512

      763b0e4013a37d4dbbd472a1c5a6b4a6f56c2cc35abd68db2a0ed71eba240ed28addd41380f85b0762355fb11420d6963c1a042e1f231364532b33083a7ae736

    • \Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-timezone-l1-1-0.dll

      Filesize

      22KB

      MD5

      cbc9d46f3e0ce512b5ff3a8b2f6f4689

      SHA1

      adb2c17b73200f6d1a35dea6faa68691ed43f6bb

      SHA256

      8ef41ef713f3ce6159b667dfe875743633922ab282b4a8fbb6626429f61ed6c5

      SHA512

      b32429041fffb1e9242f3dc4c755a97dbc1d5a354cded3e9b09cea1a94fabc9b45c8f31e15300e1b9f3bf7acbc369063c555d0f6f5ac8860ee06323b06132737

    • memory/2852-1214-0x000007FEF5B70000-0x000007FEF6162000-memory.dmp

      Filesize

      5.9MB

    • memory/2852-1215-0x000007FEF5B70000-0x000007FEF6162000-memory.dmp

      Filesize

      5.9MB