810150e52ae1f79ed5862e0f5c3c71e6ef0f92f7ec093d2f2e329bdc002ad3c1

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-11-2024 16:57

Target

source_prepared.exe
Size

75.9MB
MD5

f51a731a7f635efc7f3591e3e608f64a
SHA1

dd0bdb77b97cc5064189f19cb2b6702c1183817d
SHA256

810150e52ae1f79ed5862e0f5c3c71e6ef0f92f7ec093d2f2e329bdc002ad3c1
SHA512

a593017f636c50a219818bc9d0c78d45b5276df10490b9f13c8091889562b85938fac0fc1709bc9439a35e5e7a717c204285c07c66c6a824e59e412ebef1beb7
SSDEEP

1572864:H8Vl1xW703Sk8IpG7V+VPhqIUE7WklKiRiY4MHHLeqPNLtDlUZniUG:HKdjSkB05awIAkMiOMHVLtBUol

Score

7^/10

upx

Loads dropped DLL 1 IoCs

Processes:

source_prepared.exe

pid process

2960 source_prepared.exe

pid	process
2960	source_prepared.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI25162\python310.dll	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

source_prepared.exe

description	pid	process	target process
PID 2516 wrote to memory of 2960	2516	source_prepared.exe	source_prepared.exe
PID 2516 wrote to memory of 2960	2516	source_prepared.exe	source_prepared.exe
PID 2516 wrote to memory of 2960	2516	source_prepared.exe	source_prepared.exe

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Loads dropped DLL
  PID:2960

C:\Users\Admin\AppData\Local\Temp\_MEI25162\python310.dll

Filesize
1.4MB

MD5
d53251f4484a0092b00b9451423a5e38

SHA1
0e15a558ec6ae369147ae07a828c0f9d68dceabe

SHA256
9e1dc8da1ed1d0aeacf2b636bd20704d683d0ff15ac0be0c16616a247a9c070b

SHA512
ef9ce3c61d2f4b128eb092e9ae32c4433994aa7ba6f6a25e59c2cbd7afb35155becf8941a8c13e17a57902b7bb5022c06bc1dc5e8ccc1c47d22dbe8c39037649

Download Submit
memory/2960-1269-0x000007FEF65D0000-0x000007FEF6A3E000-memory.dmp

Filesize
4.4MB

Download