5d887dd72893e3bd40b291a1dc3ea2bc94f6d0daf4de318bd1005b57fbe114ca

Resubmissions

26-01-2025 00:32

04-10-2024 13:21

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-10-2024 13:21

Target

SolaraV3.exe
Size

6.0MB
MD5

7dd77a8611b56c1ed090293e3ab40f08
SHA1

1cb4be6453ab5dbeebd8339e0ec4264d6efa611c
SHA256

5d887dd72893e3bd40b291a1dc3ea2bc94f6d0daf4de318bd1005b57fbe114ca
SHA512

755ebb1e999ede433f4734552ca91677d33f9309993891435201ed04a539c1537bf80d4c6b45475a8b461ca235a92b27de0f07cfdeb84aaaa467407929523b2e
SSDEEP

196608:PrumWebTeOjmFwDRxtYSHdK34kdai7bN3m2EQca:KUK2pM9B3Q9w

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1236	SolaraV3.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/files/0x0006000000016dbe-21.dat	upx
behavioral2/memory/1236-23-0x000007FEF5B00000-0x000007FEF5F66000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 1236	2444	SolaraV3.exe	28
PID 2444 wrote to memory of 1236	2444	SolaraV3.exe	28
PID 2444 wrote to memory of 1236	2444	SolaraV3.exe	28

C:\Users\Admin\AppData\Local\Temp\SolaraV3.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraV3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Users\Admin\AppData\Local\Temp\SolaraV3.exe
  "C:\Users\Admin\AppData\Local\Temp\SolaraV3.exe"
  2⤵
  - Loads dropped DLL
  PID:1236

C:\Users\Admin\AppData\Local\Temp\_MEI24442\python310.dll

Filesize
1.4MB

MD5
4a6afa2200b1918c413d511c5a3c041c

SHA1
39ca3c2b669adac07d4a5eb1b3b79256cfe0c3b3

SHA256
bec187f608507b57cf0475971ba646b8ab42288af8fdcf78bce25f1d8c84b1da

SHA512
dbffb06ffff0542200344ea9863a44a6f1e1b783379e53df18580e697e8204d3911e091deb32a9c94b5599cdd54301b705b74e1f51104151cf13b89d57280a20

Download Submit
memory/1236-23-0x000007FEF5B00000-0x000007FEF5F66000-memory.dmp

Filesize
4.4MB

Download