1493e235477b9514f54ff420d0ab5d096e94dfcc885fcb5ac227ea3bc014acad

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-11-2024 23:16

Target

Solarasis.exe
Size

50.5MB
MD5

f65e2a4ca6f6da06ad6b5ab017e8f606
SHA1

8953d0ceef9e1bc6c54dfe5f0cac47879bdb2d1b
SHA256

1493e235477b9514f54ff420d0ab5d096e94dfcc885fcb5ac227ea3bc014acad
SHA512

0e99ac29ce6238d85d0ea69eeba2dba8e2577aac37c98cde7fc9c0d5a8b8aa278f150184f5657f6c8ffda758dcf0b24425d2ff28c051bb00cba33d88c87c8b9c
SSDEEP

1572864:vGGefWTsmTSk8IpG7V+VPhqb+VxTivfSlRISereyaAPeEV:uGaCsmTSkB05awb+Vxen+RXerXVPeEV

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
648	Solarasis.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000300000002099d-1104.dat	upx
behavioral1/memory/648-1106-0x000007FEF5460000-0x000007FEF5A49000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 648	2368	Solarasis.exe	30
PID 2368 wrote to memory of 648	2368	Solarasis.exe	30
PID 2368 wrote to memory of 648	2368	Solarasis.exe	30

C:\Users\Admin\AppData\Local\Temp\Solarasis.exe
"C:\Users\Admin\AppData\Local\Temp\Solarasis.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Users\Admin\AppData\Local\Temp\Solarasis.exe
  "C:\Users\Admin\AppData\Local\Temp\Solarasis.exe"
  2⤵
  - Loads dropped DLL
  PID:648

C:\Users\Admin\AppData\Local\Temp\_MEI23682\python311.dll

Filesize
1.6MB

MD5
8ea69ca2292c3af9cdb46dded91bc837

SHA1
72de7df68b2c336720d1528c34f21ff00ed7a2ce

SHA256
3512c3a7ad74af034f51eba397c0e4716f592861ea3030745e8fd4dc8f9bca49

SHA512
fb317bab11c922dc183d834b770e37e382b9cf3ab1ea95e9bca8d73ed1e23cc9ef2b6aea4a20d4637eba34276c81a6eee54b00cb146f825ef554d81387ae4ddc

Download Submit
memory/648-1106-0x000007FEF5460000-0x000007FEF5A49000-memory.dmp

Filesize
5.9MB

Download