550523a10cf436a25b8fc2c431f593ddad838c6a9a0e952f8f319a1e479265e1

Analysis

max time kernel
6s
max time network
2s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26-11-2024 06:35

Target

SolaraV2.1.exe
Size

18.6MB
MD5

2f8048394e6b1d1dcf7a290adfb0c7f1
SHA1

ac735c3ebbda361379a2c90f0a494d530c409c3e
SHA256

550523a10cf436a25b8fc2c431f593ddad838c6a9a0e952f8f319a1e479265e1
SHA512

1e68b10dd8c00f84fff615a2f33847e16c81b78ab9af1ce2226f332c6aa5e1778384997f900fce47422daffc4d9ee532d6734df25e33f2517b72a9ecd4bfcf8e
SSDEEP

393216:oqPnLFXlr4mQ8DOETgsvfGFzgNNamJvE4rNC1u2YWm:ZPLFXN/QhEE07+V1u5

Score

7^/10

upx

Loads dropped DLL 1 IoCs

Processes:

SolaraV2.1.exe

pid	Process
2112	SolaraV2.1.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/files/0x000500000001a58d-119.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

SolaraV2.1.exe

description	pid	Process	procid_target
PID 1700 wrote to memory of 2112	1700	SolaraV2.1.exe	30
PID 1700 wrote to memory of 2112	1700	SolaraV2.1.exe	30
PID 1700 wrote to memory of 2112	1700	SolaraV2.1.exe	30

C:\Users\Admin\AppData\Local\Temp\SolaraV2.1.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraV2.1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Users\Admin\AppData\Local\Temp\SolaraV2.1.exe
  "C:\Users\Admin\AppData\Local\Temp\SolaraV2.1.exe"
  2⤵
  - Loads dropped DLL
  PID:2112

C:\Users\Admin\AppData\Local\Temp\_MEI17002\python310.dll

Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
memory/2112-121-0x000007FEF5980000-0x000007FEF5DEE000-memory.dmp

Filesize
4.4MB

Download