fd8a52dd8dee2d367e831a1ff474baaacd13b2296580b882d14b86162406416a

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 14:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sourceprepared.exe
Size

77.8MB
MD5

60ff27fb8cd08e937ba9b6d1b18840b4
SHA1

1da9a0075d366b81446265f63e27bc85553db2a3
SHA256

fd8a52dd8dee2d367e831a1ff474baaacd13b2296580b882d14b86162406416a
SHA512

62f14b688df29729f76a3f34b89e3c1d383ea9f045886791ea8354123448504cb65cb023ebb9f45cf20b806f5848bdcc2c8d2a7661388aa8de1ec2130022c622
SSDEEP

1572864:pvHcRl3WQKmSk8IpG7V+VPhqYdfzE7tlHegiYweyJulZUdg1hjrrRdECV37U:pvHcR5YmSkB05awcf2dMpuxh/rDNo

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
1676	sourceprepared.exe
1676	sourceprepared.exe
1676	sourceprepared.exe
1676	sourceprepared.exe
1676	sourceprepared.exe
1676	sourceprepared.exe
1676	sourceprepared.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0003000000020b62-1419.dat	upx
behavioral1/memory/1676-1421-0x000007FEF5840000-0x000007FEF5F05000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 1676	2228	sourceprepared.exe	31
PID 2228 wrote to memory of 1676	2228	sourceprepared.exe	31
PID 2228 wrote to memory of 1676	2228	sourceprepared.exe	31

C:\Users\Admin\AppData\Local\Temp\sourceprepared.exe
"C:\Users\Admin\AppData\Local\Temp\sourceprepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Users\Admin\AppData\Local\Temp\sourceprepared.exe
  "C:\Users\Admin\AppData\Local\Temp\sourceprepared.exe"
  2⤵
  - Loads dropped DLL
  PID:1676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
197c3a52b661aa8644efa7018a57f7a4

SHA1
693ffb2c3cd05f4a0b5a226c8ecb9b24bb933487

SHA256
63c4446f645110551e7191bb18e8d001b5e1f48163690c0515fdb693800aa076

SHA512
a339bff342cdb0e536c2440e33f0ded5e5c01527a8c043499423dbd60a6846727138d59b3edeb73718dabdfb16e606f96e31a409f7ebaed81f635255d8214740

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-file-l2-1-0.dll

Filesize
21KB

MD5
c17b2ffbfef8e174a4f7c29b102a0986

SHA1
a34e6bcc55f613e6f62ec93234ef2c554e3d2eec

SHA256
70b029b53557fa77b90b57111c21b33617cccf4597ea60a4e93b84df3ea29c86

SHA512
60f55efef717f3be5179f41f019c6d5e1a58f2bb51197cb62b7f6b387a56567463b69efcc33db16ea66ecbd2a3eb2ff9546a47fbce2516efbcdd681c0b3624da

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
a5969ee6eef2ae28b62b0cd674e9cdc5

SHA1
53266be1479489c6db7bfec4f3f3375c5caad00d

SHA256
69eb940ab82ed73fbe31a1824a159571adb42ed6d3b13fb9e481c367b440003a

SHA512
6d451676118ac7926c96131c4dc0e63822ce0f38314fbfb130ba5c21782d27d969a1f340c638c94f0115f5bfb83eff18f06c2601d02225fba6dd4efdb2ec2c14

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
a51217a2e44f0cc387b56040d7a0bbfc

SHA1
40d04e5125ec38b8b334fe2cd006f7fdf26d58eb

SHA256
8b3003b00505dbc0cde18aaf043d9dbbd35f46758a23e3450b8eac4f6b360c59

SHA512
207ed55b4d1cec2b181851342c7284ddc88cc0e9e04fad2c0ef758d604436ed112bd24165a6911abfb9592164e6bb2102d867c5ca62143670284f5fe62c7a11c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
2607609b7d03453e567d788fbd94270b

SHA1
7a2cf04658f4251982f06f34012b069732d5ea3a

SHA256
c6611e633208807cf05e5b5f2391d870b3ca4f5012e28a31bac4373b45110219

SHA512
022de2afadc9cec41c2982e43f6e52ccccf66d9715c2ef35240d6948793e18eef130ecea24424ff3961f371dd0f452eb9c5748f75c51bd4bd084535b5c6d8a21

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\python312.dll

Filesize
1.7MB

MD5
36e9be7e881d1dc29295bf7599490241

SHA1
5b6746aedac80f0e6f16fc88136bcdcbd64b3c65

SHA256
ebef43e92267a17f44876c702c914aafa46b997b63223ff46b12149fd2a2616e

SHA512
090d4e9092b7fe00180164b6f84b4bd1d1a1e12dc8fea042eaa0e75cc08bb9994c91c3853bedec390208db4ef2e3447cd9be20d7dc20c14e6deb52a141d554cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\LICENSE

Filesize
1023B

MD5
141643e11c48898150daa83802dbc65f

SHA1
0445ed0f69910eeaee036f09a39a13c6e1f37e12

SHA256
86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741

SHA512
ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

Filesize
92B

MD5
43136dde7dd276932f6197bb6d676ef4

SHA1
6b13c105452c519ea0b65ac1a975bd5e19c50122

SHA256
189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714

SHA512
e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\ucrtbase.dll

Filesize
1.1MB

MD5
db441e5850199df76c8243b9e86a9ddb

SHA1
585222bdd82dc6ebf6adbbb1b43a35352a132c3f

SHA256
849f6167339bb3617e1af63268f92bf1343316965e370ea2952b1fd4dae460bf

SHA512
ec20d8570200ef0dc9d9cc1982323b4b57419a02da32841cad4cb408979049ea48b1bc63a9df4f312df0189330accc518184331a56b7a611a372560216abb47f

Download Submit
memory/1676-1421-0x000007FEF5840000-0x000007FEF5F05000-memory.dmp

Filesize
6.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads