8c730517d54a0156c1262047af0fd145e2e110805d57ed7012a8a16507f7e51b

Analysis

max time kernel
1s
max time network
5s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
04/08/2024, 06:16

Target

Solaris/Solaris.exe
Size

10.6MB
MD5

34edeef899a2d56e3bf777099f851c8f
SHA1

23a1fea23e8a31a4e667b391f03067a7e63666d6
SHA256

d96c6138b13ddb64107b40a3b4f08309ba83ba9cd064947ab7cf7a14f162930a
SHA512

a6bbaf7ac0374c155c08fb47567aa1d6cab35b85cfc4c3b7a8587ccda82b9c4edbd8ffc7da167e125f1a06e3e309416ced6dab135c20e41336b348b05005aea7
SSDEEP

196608:1c5vzN6WvJc4+qv8ROPkVOEYNLjv+bhqNVoisCk5c7GpNlY41J26vUiJkbk9VtlE:g8Wvz+q0skVOrL+9qztsCk+7q3T1JNT+

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2932	Solaris.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000018fc2-30.dat	upx
behavioral1/memory/2932-32-0x000007FEF6660000-0x000007FEF6D38000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 2932	2780	Solaris.exe	30
PID 2780 wrote to memory of 2932	2780	Solaris.exe	30
PID 2780 wrote to memory of 2932	2780	Solaris.exe	30

C:\Users\Admin\AppData\Local\Temp\Solaris\Solaris.exe
"C:\Users\Admin\AppData\Local\Temp\Solaris\Solaris.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Users\Admin\AppData\Local\Temp\Solaris\Solaris.exe
  "C:\Users\Admin\AppData\Local\Temp\Solaris\Solaris.exe"
  2⤵
  - Loads dropped DLL
  PID:2932

C:\Users\Admin\AppData\Local\Temp\_MEI27802\python312.dll

Filesize
1.8MB

MD5
cfa2e5cdda9039831f12174573b20c7b

SHA1
c63a1ffd741a85e483fc01d6a2d0f7616b223291

SHA256
b93e682bddb5c3e2af1f0264e83fbc40481fe6abd90c3ab26e94f246c8ce8d7d

SHA512
f1ac568bd1a16d5ab2623ac42a83aed32d9867a0e016e0ac3c922f28ceb1bb7e114dab44553949008a6e2fd3bb67fc2be8fc283560d9f4b1f1552137a0c104aa

Download Submit
memory/2932-32-0x000007FEF6660000-0x000007FEF6D38000-memory.dmp

Filesize
6.8MB

Download