d7fad0808e62d411559bf336aeff578c45787f3c1b661eb019b36b2e5b0b3ac0

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-11-2024 16:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

82.1MB
MD5

1707eecd089be69fee2707d221895a7e
SHA1

7c2050a3ba06ccb1441ad6a862fa2cb2876a772e
SHA256

d7fad0808e62d411559bf336aeff578c45787f3c1b661eb019b36b2e5b0b3ac0
SHA512

9661ff51aa3fbf0afa5463da61b6f6df6a0aa1d76e056bb4f2660bcc42e533c8b976b6ea8e609b9292d8ad69be8fdac7abb9581a573b40448fe9df2ed5e32ebf
SSDEEP

1572864:SGKlgWjcYz0hSk8IpG7V+VPhqHJE7bbli08iYgj+h58sMwmDLZcj:7KibDSkB05awHAw025qn

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 10 IoCs

Processes:

source_prepared.exe

pid	process
2040	source_prepared.exe
2040	source_prepared.exe
2040	source_prepared.exe
2040	source_prepared.exe
2040	source_prepared.exe
2040	source_prepared.exe
2040	source_prepared.exe
2040	source_prepared.exe
2040	source_prepared.exe
2040	source_prepared.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI21202\python311.dll	upx
behavioral1/memory/2040-1329-0x000007FEF5D90000-0x000007FEF6378000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

source_prepared.exe

description	pid	process	target process
PID 2120 wrote to memory of 2040	2120	source_prepared.exe	source_prepared.exe
PID 2120 wrote to memory of 2040	2120	source_prepared.exe	source_prepared.exe
PID 2120 wrote to memory of 2040	2120	source_prepared.exe	source_prepared.exe

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Loads dropped DLL
  PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21202\api-ms-win-core-fibers-l1-1-1.dll

Filesize
41KB

MD5
46173f3aaeb1830adb3f6cb19bc9fe13

SHA1
5bacc120a80d0ef4722d1489c0563b95f99d1a99

SHA256
affc96d5aa19b374be7a56a859980b56858e22f2a221da8513eec42ffd21a718

SHA512
15f24097564fc57c0f05b1f08043b2789b18a638452018078d262038c407a8ce16658a208c58356ba81146c7a312c054d5b7e9c8d69d19b2cb833500e90c1648

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21202\api-ms-win-core-file-l1-2-0.dll

Filesize
41KB

MD5
85496fce62c235a881dbe880c2b675a0

SHA1
8358f22d29ce31b9f9a8ec5ad440eb1a55f01433

SHA256
8ae99e14f909b91faa3163fc0f9c2a904de1ee5ebba342d708f747276c9d7ca8

SHA512
d0df9266b21e41a64a096ed0b567a0916d352c7fc9aa7c7ffe819c21a4e3552e79badb88c4829d2580643f86a58e191ad853de1d0e282f16f84a44a741782cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21202\api-ms-win-core-file-l2-1-0.dll

Filesize
41KB

MD5
dbc82f123f6888c0efd2aa7bee02707b

SHA1
76c95b72a671830e8590e104448f92180c10006a

SHA256
a5993dc5b4fbc0b2463537666bd0f19b3e9824fc4933490278091877bfd707f0

SHA512
547bb55c8337816494597ec796f75838594d3abd6ac24fe5692b28ef9a5af338dfeba17875854b89a21381bfaf41613e072fb632272547762283cae6474fd8c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21202\api-ms-win-core-kernel32-legacy-l1-1-1.dll

Filesize
41KB

MD5
1190c9c96d3d54b0062b2aa07c345e07

SHA1
9da3cb7923d46eab3704e0521700bd645a27d860

SHA256
cd694dd9de1e8f62ddf41952550310c10264f677c153371b3cc3ff8f68280019

SHA512
e2284e713ea1f78bd4ebb08c6eb279ee3b85b404b96bc75fcb2a23d862815e37773edb31d7eb625f688f9d412d16d3388029e3dc53262b29dd5a6fa8c0bd83d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21202\api-ms-win-core-localization-l1-2-0.dll

Filesize
41KB

MD5
24739ebbf1e51b4106518b09f0d26b38

SHA1
b90e291f502afa76922e01c1eddf0f95626957f6

SHA256
7ac6b6ad7094b606bfb194230ca16b6436bcecd4669a1cfcfd880e25ef3bd106

SHA512
6da9d0aaec46e9f9dd5b0cf865075e88390500bdb7aa04f17c961ff8db8a3f1238812b31aed451583c2e1431f3e447418e745cdbc82beccfb8a004522c1b1d3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21202\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
41KB

MD5
605d8a1ae34b7ee0b92fb5fbdfaacd8b

SHA1
6f62d615fa91c9707ab03995a690c41cb1a7f34d

SHA256
2aaa351f7d1e423ecfd6db6550b1f7d6ef8c76afe238e8491aa7e4827615edd2

SHA512
ee7ddd2bae12e32ad78625f1a2e7efbd83962cbf1251ee429b3ee3e85170f29fec474489cee57089fe23b60fd5097b44980abaaf4ec542df757e6cad8a55c708

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21202\api-ms-win-core-sysinfo-l1-2-0.dll

Filesize
41KB

MD5
7284671ec86b78c730efb85947c11122

SHA1
3fbf601e0443521081356c20a6d6f3f4e6338a28

SHA256
d77af2a15be5a51cd242c142d755fcafad76af9b57e472179f8c23f0790f106d

SHA512
a29177ded3a23d7bc04f1aa903ff0a63cc9a661335b02e5b913c780bbd4a072ec5b7ca5891fd3a53e9b1b6d3b5ede4b68224da5657c35485137d22ccf8ca7d8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21202\api-ms-win-core-timezone-l1-1-0.dll

Filesize
41KB

MD5
0f6e970dea277438d33eed6a6a61709f

SHA1
34619c9343296107c404dbb11de00affe97185f9

SHA256
c88c3678a4e1bee3f12b2ce947f3bc37ed3d3231a5801ea822cc2c28fa87b078

SHA512
5122e116cb430382419fb205154b96d6e02812230b29d25c6e55f01ff889bcaa1fca9d4eebb04733ec19fb0f8f2785898b5cfe5e2204acd8e7e9884df1b9de1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21202\python311.dll

Filesize
1.6MB

MD5
87b5d21226d74f069b5ae8fb74743236

SHA1
153651a542db095d0f9088a97351b90d02b307ac

SHA256
3cac88119657daef7f79844aeb9da79b45c1f3bb2ea3468b0d4ed26067852194

SHA512
788bb26b3f4ce99a2b49eef2742972fe843bdd97d361a6e67237f29376648ea6f874f1f6ba6dd53c74ef51a29e650a02fb99dfc30b5badfa9d2e05491f81d7d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21202\ucrtbase.dll

Filesize
1.3MB

MD5
5dd82151d2d8e2c0f1fba4ffb493baed

SHA1
12e24daa8902eb0c46cd8497666633f7ce9a8b58

SHA256
ee847c9d37eb901945ddccc2de73f657e3e92b148ae863b63e7f97d05ed558cb

SHA512
d00ba48b4614d2822e26c3bbdfaa171792dfab52bb50f16e66bdbb53efcef3d9b0e2d35816a40c787a63f5fdd8cc494ec5172c001f25e0ae42645cef330ddf5b

Download Submit
memory/2040-1329-0x000007FEF5D90000-0x000007FEF6378000-memory.dmp

Filesize
5.9MB

Download