5cc9f89fa897d748305dc7db2cfc0e6cdab0497c63e10916618d4f43e0d9d116

Analysis

max time kernel
4s
max time network
11s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
06-10-2024 08:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

12.0MB
MD5

3e8a1db0eebcfb6e0a1e576b6ae083e0
SHA1

d58534ae893fb8b1e5ec1ce61163c58f4cc580b1
SHA256

5cc9f89fa897d748305dc7db2cfc0e6cdab0497c63e10916618d4f43e0d9d116
SHA512

fa1f4c4426e66739af25cc5d72f1e583cf484d61a552d77c0ccdc8bb382d35e831d260436ddfe10f4949bc2edbacba0a9a6cddec605208d297e1f3d2a57b5db2
SSDEEP

393216:OJhf4E5EL+9qzt3Uf5hLzz7EAXXB8Wwb:a3Q+9qxmLzz7FmWw

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
2216	source_prepared.exe
2216	source_prepared.exe
2216	source_prepared.exe
2216	source_prepared.exe
2216	source_prepared.exe
2216	source_prepared.exe

UPX packed file 32 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023cff-145.dat	upx
behavioral2/memory/2216-149-0x00007FFF73A80000-0x00007FFF74165000-memory.dmp	upx
behavioral2/files/0x0007000000023ced-151.dat	upx
behavioral2/memory/2216-154-0x00007FFF87460000-0x00007FFF87486000-memory.dmp	upx
behavioral2/files/0x0007000000023cfb-153.dat	upx
behavioral2/memory/2216-176-0x00007FFF8ADC0000-0x00007FFF8ADCF000-memory.dmp	upx
behavioral2/files/0x0007000000023cef-177.dat	upx
behavioral2/memory/2216-178-0x00007FFF87170000-0x00007FFF87185000-memory.dmp	upx
behavioral2/files/0x0007000000023cfa-179.dat	upx
behavioral2/files/0x0007000000023cf7-175.dat	upx
behavioral2/files/0x0007000000023cf6-174.dat	upx
behavioral2/files/0x0007000000023cf5-173.dat	upx
behavioral2/memory/2216-180-0x00007FFF73130000-0x00007FFF73652000-memory.dmp	upx
behavioral2/files/0x0007000000023cf4-172.dat	upx
behavioral2/files/0x0007000000023cf3-171.dat	upx
behavioral2/files/0x0007000000023cf2-170.dat	upx
behavioral2/files/0x0007000000023cf1-169.dat	upx
behavioral2/files/0x0007000000023cf0-168.dat	upx
behavioral2/files/0x0007000000023cee-166.dat	upx
behavioral2/files/0x0007000000023cec-165.dat	upx
behavioral2/files/0x0007000000023ceb-164.dat	upx
behavioral2/files/0x0007000000023d90-163.dat	upx
behavioral2/files/0x0007000000023d87-162.dat	upx
behavioral2/files/0x0007000000023d00-161.dat	upx
behavioral2/files/0x0007000000023cfe-160.dat	upx
behavioral2/files/0x0007000000023cfd-159.dat	upx
behavioral2/files/0x0007000000023cfc-158.dat	upx
behavioral2/memory/2216-181-0x00007FFF73A80000-0x00007FFF74165000-memory.dmp	upx
behavioral2/memory/2216-185-0x00007FFF73130000-0x00007FFF73652000-memory.dmp	upx
behavioral2/memory/2216-188-0x00007FFF87170000-0x00007FFF87185000-memory.dmp	upx
behavioral2/memory/2216-187-0x00007FFF8ADC0000-0x00007FFF8ADCF000-memory.dmp	upx
behavioral2/memory/2216-186-0x00007FFF87460000-0x00007FFF87486000-memory.dmp	upx

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 2216	4844	source_prepared.exe	84
PID 4844 wrote to memory of 2216	4844	source_prepared.exe	84

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Loads dropped DLL
  PID:2216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI48442\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\_asyncio.pyd

Filesize
37KB

MD5
d865cac46b742c0907f0286ee9b7999d

SHA1
80cd9b1e6dc08df4931d91e98d6a685030714e60

SHA256
0e50bc0450b514bb3e546a98871e4402d3fddbef13b8d38fffdb180ab938b7fd

SHA512
07631154f2c2c87d5caefa684e0097e8806750972e64a05d6b4586866194427e746e07a664b0eec3788294ccf6d9cc7700ed0385f6bb0f5a3387069f0c6f475a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\_bz2.pyd

Filesize
48KB

MD5
f1bafd0591edc4fcdad9b40ac799c5ca

SHA1
58b2b9e1397885418dbef42912cd94fb8377a21d

SHA256
dd9249bd21899b0a9decf5f3db7c5fac653d5f4fa6de221fdc6573f2b5cb0d4f

SHA512
fe0e281c8cb229040cdb6dc7fea3c1f5d7d0f0cfda8840b503ade97808400c6c0e22a40c45bcb65a2e7480f59a72d64aacefda991d57c48a5c772d7eaa49815b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\_ctypes.pyd

Filesize
59KB

MD5
8371c601b0516d4931f65fd264caa3df

SHA1
45ad38209596a4f03b00bd4e04cdd699a291fc1a

SHA256
07b7039d43d909357964e8e286969d10fbd565a33b358b741956e80f69c0b035

SHA512
61a79a1f51ffb2f5bf1e6dc7dc67f2f6b19e02976137a006f5ae19f7fcd76dbcf07db2eabada65f62299ddbb5d0dd1782abb3b76dd4860f93c0836baebbe012e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\_decimal.pyd

Filesize
106KB

MD5
103eeb58e30b5e1e37ebac333359873b

SHA1
a69f5e40dafac0182592b5d4c67f16c467f414b8

SHA256
dcdba7439611a4a86996085f26b5ba612ef007cc705765e48e97f07fea8726a4

SHA512
1233531b02973b4c57d72da096d6aee9d0bbada2ef2cc3589e8234eef24170ce06e48ecc326a7a226497d02a7f7c9fb19e7801779089c2ebfb95e84653bc5e03

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\_hashlib.pyd

Filesize
35KB

MD5
21765d517a1b9ca31e3df8279f95fa0e

SHA1
f1d10d2772d5440e891430bae3693fac290dc568

SHA256
d85f7d2f9634870bf1960c118b87ebf8610f29cfffddb5284be88a00fbbbfd6c

SHA512
37459392bc070489dd7cea8718e6bf4c84b7db673da56ec8fd0d2b191c925b351f12640763d631ed06ebc1c18fcc1fe005686c6799cc4895de2a7d60b7a10e11

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\_lzma.pyd

Filesize
85KB

MD5
7a2325cbafc556139e3ffe15ed5f6382

SHA1
68fcfdfe8914d045b744c3b8e9a8a560f1bf35cd

SHA256
e4a1827ac6147475618add577307479dc2727d1621fc8ec9e07924226a2df75c

SHA512
e1c9ec43556dfe10759c2bcb4c57d7d0592e5ba23d325394289224e594e3bea4b01acfee8359e46cf6db9aa36557f910f83a9303ecb68a45bd39a4c763568b44

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\_multiprocessing.pyd

Filesize
27KB

MD5
c79d98745d3529d8ff6556ce21bffcd3

SHA1
905ae0cd42b4ef5908d768ecfb4e2acc17a12c2b

SHA256
6099114215125c526436daac9c0a95905f64ea79709dda70af3cad4020361459

SHA512
34018c224abfdb6652a09cedf745ecc5fb02f27dc9876d0a2557ebf9c4c947996c668703ab51ad212afd1f3b51d9b2ebe4735ad38eaca40c4c2f6345c7a813fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\_overlapped.pyd

Filesize
33KB

MD5
91d696b40c4dfad938608a5cf430934a

SHA1
327c967ce98134084695e1a6eb210892c9e101e1

SHA256
d8810143a9c63aad39478f25f00d3c67bdd89554e496dc0ae96b214b6df88835

SHA512
abf261c456d4fdd1f22167ab3eafd1fd669a0fa9d59a57796cf9895a63df05e0aaefd92c63c2d721c8d688996cfb9356abc2480169bc6e9968b58660366c9982

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\_queue.pyd

Filesize
26KB

MD5
2fe19aa9a9723e26cfbb82259f89e32f

SHA1
463003879d38a7eec2ebc4eece79189bcd42e7d6

SHA256
9a5e2485b1560d4cfd76a586b74458b18182aa4d9cfba13d57e60e7f093a2c8b

SHA512
eff220edeea978b80da3730219394e470a58cf9732f998bc2c52c2a88c048216380d2772c66f3710373ecb55a2303b20368b29fb6669e66cf15977306e9d057d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\_socket.pyd

Filesize
44KB

MD5
e07129b68e89b6844c8638985dceec55

SHA1
bec22fd2640142a284199e60ea656abb868ddc9e

SHA256
82d0b01732b96c6f0d33d536e1fe8467a20f253f134587de71167a271c9e1219

SHA512
538212446a25f95e5723ecc39968e2b58cbd3fe0eda341dd8a794facb41e43e6c12d976e4e776311e1c4d5c75a10ac8e777dfd86aa5953971ea9418967a3ff82

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\_sqlite3.pyd

Filesize
58KB

MD5
c2ede1127c1895f78bdc2197ebf163b6

SHA1
5768fc50dd704b872c6b0ddf0d0b65ac2c70b615

SHA256
b9cc13feec84f719b849225d65394bdca1654f76c2d6bb404ade11f27dd435f0

SHA512
49c05a1a2f1d3a270eb44630374a84a60098705ad9fa7e7748c6a39d6554fe770630593a8f02bf68e7f12b41d1675e27e8c4e393f5ce039b2cf03e58216cc50e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\_ssl.pyd

Filesize
65KB

MD5
73248bd2dcd03d3778ad81ee6f699e75

SHA1
84f177c7b5673ebfcc57361c0b93997967c6d321

SHA256
8f7398ae951ff9b5e568fc1a468246dd959349dc89e7eee791f07a7e60fff17c

SHA512
0d8df78e62e3ce1410379c9a4f8913603c7b0e4aa42f736c0b49cceb3f8720dd5e99bc9771c1e5c8e3b730874aa35049b194e3d38f20fcfc8656fe86cce5d1d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\_wmi.pyd

Filesize
28KB

MD5
653cadc52d2844027813a637e954169e

SHA1
eb7f383e4728228d7b10a7ca9bf9f1f0c3288c82

SHA256
4ceee9d310654865b7e09792807d2149bbaae6f5aad8d8237e1c70a552104bbc

SHA512
b7c0a7bd6ef99e388ce91b753a96266cd4a2fb67703e3e79a9a3a1487705aa0c86cb3c5a484d419ac856c2c999f2baa0606ccbf10e669ab88cc9e23640fcb051

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\base_library.zip

Filesize
1.3MB

MD5
499e0120313207d7a3965059f601c3bd

SHA1
000ee5d10e5dd689f377aa089b0a61009b4bc5db

SHA256
cdb21b4804dccf7f595672b604e7342175f6b79e853662d61d65fd938b9a8911

SHA512
9c035800092851b3f88ecae07b854260f5e0f06c9eb1f2e69fd4976c8c84121d277ac587294b68cafdd0a95c15f2545ab25351afcf45163e593f0a6b974b5808

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\crypto_clipper.json

Filesize
167B

MD5
6f7984b7fffe835d59f387ec567b62ad

SHA1
8eb4ed9ea86bf696ef77cbe0ffeeee76f0b39ee0

SHA256
519fc78e5abcdba889647540ca681f4bcb75ab57624675fc60d60ab0e8e6b1c5

SHA512
51d11368f704920fa5d993a73e3528037b5416213eed5cf1fbbea2817c7c0694518f08a272ad812166e15fcc5223be1bf766e38d3ee23e2528b58500f4c4932a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\libcrypto-3.dll

Filesize
1.6MB

MD5
f8076a47c6f0dac4754d2a0186f63884

SHA1
d228339ff131fba16f023ec8fa40c658991eb01f

SHA256
3423134795ab8fce58190ae156d4b5d70053bebe6c9a228bea3281855e5357fa

SHA512
a6d4144cbba4a26edf563806696d312d8a3486122b165aae2c1692defc2828f3ff6bd6a7f24df730ff11c12bc60ac4408f9475c19b543ed1116b0a5d3466300b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\libffi-8.dll

Filesize
29KB

MD5
013a0b2653aa0eb6075419217a1ed6bd

SHA1
1b58ff8e160b29a43397499801cf8ab0344371e7

SHA256
e9d8eb01bb9b02ce3859ba4527938a71b4668f98897d46f29e94b27014036523

SHA512
0bd13fa1d55133ee2a96387e0756f48133987bacd99d1f58bab3be7bffdf868092060c17ab792dcfbb4680f984f40d3f7cc24abdd657b756496aa8884b8f6099

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\libopus-0.x64.dll

Filesize
217KB

MD5
e56f1b8c782d39fd19b5c9ade735b51b

SHA1
3d1dc7e70a655ba9058958a17efabe76953a00b4

SHA256
fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732

SHA512
b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\libssl-3.dll

Filesize
223KB

MD5
f4dd15287cd387b289143e65e37ad5ae

SHA1
f37b85d8e24b85eedda5958658cdaa36c4a14651

SHA256
6844483a33468eb919e9a3ef3561c80dd9c4cd3a11ad0961c9c4f2025b0a8dff

SHA512
8583692f19c686cbb58baaf27b4ab464d597025f1ff8596c51ec357e2f71136995b414807a2a84f5409f25a0798cb7c497ddb0018df3a96b75aba39950581a19

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\pyexpat.pyd

Filesize
88KB

MD5
ba720b54d663918003deaa734616bc8f

SHA1
1e5c97ddad5b9c2aba2243831aebc1670b75e832

SHA256
349647c0dbd48d2814d170615118ee2272c76c1325a6198b671086f24c7c20c4

SHA512
fbeb9a75393509e335869da2a0b07e413faaf40af657b6dec4ba59627ff0652c4b86641aaca08185c22b8b1291a1758303852bff5f3d6e82a7ed15a0b714c998

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\python313.dll

Filesize
1.7MB

MD5
df821294c4174598a8232a58457b6dd2

SHA1
ccc9e42079816628d9c264d08b576f86d0aeb721

SHA256
38630e7ddde353a4549cfb7c771781bc98a25fc89a2be9f73156df7a63b20424

SHA512
eb31f2b034ce8ebb7233c821e3120927206e99e8564686dc6b1ba52f5b6ed832df7481cb722b3eef3f4c3c87ff56c58746e344a3c050599e5f6d205d927affb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\select.pyd

Filesize
25KB

MD5
85c7aeb4bd87b68938dffd1db93a5633

SHA1
e1f1a7ad361ba3bb37621ff971bd56006f9e02d0

SHA256
5d5c0dbc947392b1f7cbb9bbcfdc1f3905215aca4998dd4c1fb9974c8457abe5

SHA512
e8eb078f8ff04db1c3ca141ab7290ee243820395ab4d4c8d881a1e84dc1b5bb439069b89d38a43ec87674c2ce1992a75aeff232205bd397568352209e1d9fd61

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\setuptools\_vendor\inflect-7.3.1.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\LICENSE

Filesize
1023B

MD5
141643e11c48898150daa83802dbc65f

SHA1
0445ed0f69910eeaee036f09a39a13c6e1f37e12

SHA256
86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741

SHA512
ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

Filesize
92B

MD5
43136dde7dd276932f6197bb6d676ef4

SHA1
6b13c105452c519ea0b65ac1a975bd5e19c50122

SHA256
189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714

SHA512
e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\sqlite3.dll

Filesize
629KB

MD5
aa3fe163b4a1f2f4e24edde116ca8899

SHA1
3798f4adfd803ccfdd6981b6580427dc2cc5b78b

SHA256
645a86a9bcbbb336ca14ed4d6090791d17627982ba8deb285a374090993389a5

SHA512
fefde7f036d5721872d22fe9c2917d932f8e774bf90d43bbfc591b95870eca1c82d7713a2ea61535e1a0e6eaf485c66cfbd9a397efee9b5f7890e06ae472860d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48442\unicodedata.pyd

Filesize
296KB

MD5
5afdcc43708c6ea8b8e3a95ea330f92a

SHA1
908b0c5bb01f7b25d2c11386be20a90f9d7fa18e

SHA256
91bd1f57932d225d5e48cc9040b173327d7b56f70511683b9a0537b743e282ab

SHA512
2b1e0bdb698fdbb026500d98357c49825572142752fb5db315e846131acef57e0b1f6613bdcf112406f3b1ccf52583ba8fe5ae1905015d65dd5f855cdffade0b

Download Submit
memory/2216-149-0x00007FFF73A80000-0x00007FFF74165000-memory.dmp

Filesize
6.9MB

Download
memory/2216-180-0x00007FFF73130000-0x00007FFF73652000-memory.dmp

Filesize
5.1MB

Download
memory/2216-154-0x00007FFF87460000-0x00007FFF87486000-memory.dmp

Filesize
152KB

Download
memory/2216-176-0x00007FFF8ADC0000-0x00007FFF8ADCF000-memory.dmp

Filesize
60KB

Download
memory/2216-178-0x00007FFF87170000-0x00007FFF87185000-memory.dmp

Filesize
84KB

Download
memory/2216-181-0x00007FFF73A80000-0x00007FFF74165000-memory.dmp

Filesize
6.9MB

Download
memory/2216-185-0x00007FFF73130000-0x00007FFF73652000-memory.dmp

Filesize
5.1MB

Download
memory/2216-188-0x00007FFF87170000-0x00007FFF87185000-memory.dmp

Filesize
84KB

Download
memory/2216-187-0x00007FFF8ADC0000-0x00007FFF8ADCF000-memory.dmp

Filesize
60KB

Download
memory/2216-186-0x00007FFF87460000-0x00007FFF87486000-memory.dmp

Filesize
152KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads