793299d2d22a9849b67dec8735eb8fdb2ac6cdc763aadce73e84781c0c5a3f41

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
30/11/2024, 22:04 UTC

Target

Solarasis.exe
Size

81.1MB
MD5

b41e2edfeeeb3e677601e4502e594b41
SHA1

7df750c6f3d0402ed53b8c61b0d0956deefa428e
SHA256

793299d2d22a9849b67dec8735eb8fdb2ac6cdc763aadce73e84781c0c5a3f41
SHA512

ba50524a77d9f227430a1e96c9f1cc5ce8109c1f3b80032a682800ff815438e0ecfbbfdb20f037be2a94677698d6416edcf45c879d0b8268b58aa79c643cf812
SSDEEP

1572864:mGKlXebWTsmwSk8IpG7V+VPhqb+T9E7sliHiYgj+h58sMw5I8erchHQcJFg:3KRCCsmwSkB05awb+TZwZ5FderKJg

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2596	Solarasis.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020a85-1263.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2596	2184	Solarasis.exe	30
PID 2184 wrote to memory of 2596	2184	Solarasis.exe	30
PID 2184 wrote to memory of 2596	2184	Solarasis.exe	30

C:\Users\Admin\AppData\Local\Temp\Solarasis.exe
"C:\Users\Admin\AppData\Local\Temp\Solarasis.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Users\Admin\AppData\Local\Temp\Solarasis.exe
  "C:\Users\Admin\AppData\Local\Temp\Solarasis.exe"
  2⤵
  - Loads dropped DLL
  PID:2596

C:\Users\Admin\AppData\Local\Temp\_MEI21842\python311.dll

Filesize
1.6MB

MD5
8ea69ca2292c3af9cdb46dded91bc837

SHA1
72de7df68b2c336720d1528c34f21ff00ed7a2ce

SHA256
3512c3a7ad74af034f51eba397c0e4716f592861ea3030745e8fd4dc8f9bca49

SHA512
fb317bab11c922dc183d834b770e37e382b9cf3ab1ea95e9bca8d73ed1e23cc9ef2b6aea4a20d4637eba34276c81a6eee54b00cb146f825ef554d81387ae4ddc

Download Submit
memory/2596-1265-0x000007FEF5560000-0x000007FEF5B49000-memory.dmp

Filesize
5.9MB

Download