c96afebeb6384f5a8df6ea00238d12d724611fdf4f3b7f93fb651784a86346f1

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-11-2024 02:25

Target

Nexar.exe
Size

76.0MB
MD5

00699fc912d0f2d4d3a397ffaf2911dd
SHA1

3bb6090301df35e7271fdf950bc7446032fb18ac
SHA256

c96afebeb6384f5a8df6ea00238d12d724611fdf4f3b7f93fb651784a86346f1
SHA512

ff155952a8048a0b4afe972c695f97db3830a24913f41381ef16c2d094dabf629a5b6aec19a4f9569183f563e040845780239f27b51468bed1d3660f38177326
SSDEEP

1572864:t8VlCWo03Sk8IpG7V+VPhqIUE7WCylKtFiY4MHHLeqPNLtDan2WVZLw4PV:tKE2SkB05awIACyMoMHVLten/Vi4N

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1712	Nexar.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020a34-1264.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 1712	3068	Nexar.exe	30
PID 3068 wrote to memory of 1712	3068	Nexar.exe	30
PID 3068 wrote to memory of 1712	3068	Nexar.exe	30

C:\Users\Admin\AppData\Local\Temp\Nexar.exe
"C:\Users\Admin\AppData\Local\Temp\Nexar.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Users\Admin\AppData\Local\Temp\Nexar.exe
  "C:\Users\Admin\AppData\Local\Temp\Nexar.exe"
  2⤵
  - Loads dropped DLL
  PID:1712

C:\Users\Admin\AppData\Local\Temp\_MEI30682\python310.dll

Filesize
1.4MB

MD5
933b49da4d229294aad0c6a805ad2d71

SHA1
9828e3ce504151c2f933173ef810202d405510a4

SHA256
ab3e996db016ba87004a3c4227313a86919ff6195eb4b03ac1ce523f126f2206

SHA512
6023188f3b412dd12c2d4f3a8e279dcace945b6e24e1f6bbd4e49a5d2939528620ceb9a5f77b9a47d2d0454e472e2999240b81bed0239e7e400a4e25c96e1165

Download Submit
memory/1712-1266-0x000007FEF6000000-0x000007FEF646E000-memory.dmp

Filesize
4.4MB

Download