8217913720f79930ee8a7780ffc0c9b379cc69435074e9bfe35058452ac45f65

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-12-2024 01:33

Target

NEVEROPEN.exe
Size

9.6MB
MD5

2b6ac351d80613b7e7bbf0d2ac64ff54
SHA1

179599a4723a174dd903383bd808afa685d0e54b
SHA256

8217913720f79930ee8a7780ffc0c9b379cc69435074e9bfe35058452ac45f65
SHA512

0249ae1429747c3cda570a3d501856dcdfcdbd9db88920b69f44ecb6224bfc8254c6e68687a6dc3407f1bcf0c7da8e202c20563f94f74a1610f380369a334ee1
SSDEEP

196608:x51Z3x3m/acemXyuSyTde8jDeNMHFJMIDJ+gsAGKkR5QdNzly10AAQo+:5ftByxjj44Fqy+gs1gjA

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2864	NEVEROPEN.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019611-46.dat	upx
behavioral1/memory/2864-48-0x000007FEF5540000-0x000007FEF59AE000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 2864	1044	NEVEROPEN.exe	30
PID 1044 wrote to memory of 2864	1044	NEVEROPEN.exe	30
PID 1044 wrote to memory of 2864	1044	NEVEROPEN.exe	30

C:\Users\Admin\AppData\Local\Temp\NEVEROPEN.exe
"C:\Users\Admin\AppData\Local\Temp\NEVEROPEN.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Users\Admin\AppData\Local\Temp\NEVEROPEN.exe
  "C:\Users\Admin\AppData\Local\Temp\NEVEROPEN.exe"
  2⤵
  - Loads dropped DLL
  PID:2864

C:\Users\Admin\AppData\Local\Temp\_MEI10442\python310.dll

Filesize
1.4MB

MD5
fc7bd515b12e537a39dc93a09b3eaad6

SHA1
96f5d4b0967372553cb106539c5566bc184f6167

SHA256
461e008b7cdf034f99a566671b87849772873a175aefec6ed00732976f5c4164

SHA512
a8433d5b403f898e4eeebd72fce08ebad066ca60aeb0b70e2ae78377babc2acbbae2ac91ab20f813cce4b1dc58c2ad6b3868f18cc8ac0fe7be2bff020eb73122

Download Submit
memory/2864-48-0x000007FEF5540000-0x000007FEF59AE000-memory.dmp

Filesize
4.4MB

Download