467ed67977c96bd2a231f773778f85fe79ee845efc37ee6fe39e14b69da82d36

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-10-2024 21:16

Target

polar.exe
Size

6.0MB
MD5

b93e1ede650472b073afc3c77956ce18
SHA1

c6af00430a0fb660ca57fe22b299d4a41b11882d
SHA256

467ed67977c96bd2a231f773778f85fe79ee845efc37ee6fe39e14b69da82d36
SHA512

d4461a4172b8cdbb533d73640f013f07543346de13ed0782d87ba3ebc4c34926c35f5de09da2a056045850605613833e853b57fb046b6b75eb2c473d0426764c
SSDEEP

98304:fmEtdFBgQamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RSBM1y3JTsY2TX:fFFMeN/FJMIDJf0gsAGK4RSu17fTX

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2944	polar.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001944f-21.dat	upx
behavioral1/memory/2944-23-0x000007FEF6320000-0x000007FEF678E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 768 wrote to memory of 2944	768	polar.exe	30
PID 768 wrote to memory of 2944	768	polar.exe	30
PID 768 wrote to memory of 2944	768	polar.exe	30

C:\Users\Admin\AppData\Local\Temp\polar.exe
"C:\Users\Admin\AppData\Local\Temp\polar.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:768
- C:\Users\Admin\AppData\Local\Temp\polar.exe
  "C:\Users\Admin\AppData\Local\Temp\polar.exe"
  2⤵
  - Loads dropped DLL
  PID:2944

C:\Users\Admin\AppData\Local\Temp\_MEI7682\python310.dll

Filesize
1.4MB

MD5
178a0f45fde7db40c238f1340a0c0ec0

SHA1
dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

SHA256
9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

SHA512
4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

Download Submit
memory/2944-23-0x000007FEF6320000-0x000007FEF678E000-memory.dmp

Filesize
4.4MB

Download