22baaba25797de596354e5d2120e81300c6e3e9b790ea6b4b6a4eee1b35967ff

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/12/2024, 06:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

43.3MB
MD5

c7e375b66b53320ee07557295b313f06
SHA1

05a2a346f65c3354d372c751b5f8d41f3843bce6
SHA256

22baaba25797de596354e5d2120e81300c6e3e9b790ea6b4b6a4eee1b35967ff
SHA512

3678d3027036c346133839b2082fa755ad6d789ee18182e5bf3d2e5cffa70715a6c7abf522df759b6541690a99d076c10daf59ff7fe4bf7453d08d0c037b0757
SSDEEP

786432:+mbcrJbTiumfS7yyyxDiXHvIiBNu08e2KnDER0rhE5KUlT3VsbAo:+drxTivfSD5NTN2KDERwIzV6Ao

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 10 IoCs

pid	Process
1776	source_prepared.exe
1776	source_prepared.exe
1776	source_prepared.exe
1776	source_prepared.exe
1776	source_prepared.exe
1776	source_prepared.exe
1776	source_prepared.exe
1776	source_prepared.exe
1776	source_prepared.exe
1776	source_prepared.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001c8bc-214.dat	upx
behavioral1/memory/1776-216-0x000007FEF68F0000-0x000007FEF6F53000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 1776	2644	source_prepared.exe	31
PID 2644 wrote to memory of 1776	2644	source_prepared.exe	31
PID 2644 wrote to memory of 1776	2644	source_prepared.exe	31

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Loads dropped DLL
  PID:1776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI26442\python313.dll

Filesize
1.8MB

MD5
d8064129e98609f661abbed76e1a3a90

SHA1
10c8e18616bd3012045e9a0f349add4e4e8e8db4

SHA256
dea683826da43766b4902881d5e5924c181d69d35238df654e230070695d5ca4

SHA512
06e51dac672a4897026c65920eb4e3f119b4b2935ee525b07f1f1de0e2975e9d101ea913d75e479f29f09bb1b510f89b46d879abbc14035e877a3f5b4b69abd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26442\ucrtbase.dll

Filesize
1.3MB

MD5
9ccd6181c279edbbb602249f245c1001

SHA1
4fb78797395f2e5b08663c7e2e5eb89784581da2

SHA256
4963a3530382aae748ca76b5d113b828f7d402e0890a4e8e0fba6ea47c8ccc5e

SHA512
2699708384f2bd2adb797b72f82c311844b6e79a40309ca860d98d91a1a02d8abcf8c4d8d137f1291882ee6f70b10dbc691f841c53082db63df385ffeffb1844

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26442\api-ms-win-core-fibers-l1-1-1.dll

Filesize
41KB

MD5
43034b2a0c12a90703a5a675c3281875

SHA1
a0fb6671dfde8dca91b2695a509da39c241d4cba

SHA256
ed56b23081e1b4a9d656f5303522f9706962c64a39be5ac4103c7a4bb4683493

SHA512
d99c8cde439fd36b525672b14819033c9e81d35e3ac4d1e99a13a122219567da34044539b22c915c0bb2ae9c2a7e80a34d65431a5f443bd39bc6604cd414a8bc

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26442\api-ms-win-core-file-l1-2-0.dll

Filesize
41KB

MD5
01a3313a97977282f26db06f15b5b1d2

SHA1
a0888fdbcf4ed3e80ad45251a998c42e77f81790

SHA256
89d6baa7e95b44903dd16c011b3d8bc8633bead728ef08d134933a995a71f4fa

SHA512
5ea9b970b617508c768e8ad37e0d89a51246789f1a9b95e6a59ca446a2088405cf6eab4c0b8028455d87dd5fe819ef5bb400aa824a3f7a6adb3fc42febf0554c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26442\api-ms-win-core-file-l2-1-0.dll

Filesize
41KB

MD5
e2f631cea6f1777d19de7b8f77ec852e

SHA1
fb3aa9801e7365eb903d1b931e502aea7ef75f97

SHA256
3612ca27d8ae67d620033d5310b0f9ad4bde1e902152c519c276a12e9410e643

SHA512
7385342c7d7a202619c802355e48250cfc59af4d3c6864909ec8c3743a5c20a45c96214a5f66639f04f011c320be059d9e3e99ca9b7479c39809fa8151c9a41b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26442\api-ms-win-core-kernel32-legacy-l1-1-1.dll

Filesize
41KB

MD5
07e60c794a1c936607e432bbd7678c3b

SHA1
c368d8cc7ed4cb92ef4298b956e9609da09e934a

SHA256
cf44707c8b430b6dda0de73248f1568ac4a844a46e9669b9e990476e6ce38e25

SHA512
aebb8a6b8f07a21ca7be407471eba2734e241511732326739ea5e9457532b469779e5916e2a82b89672d65eed9df5ab6252b4420d6f88125390e0caa3fde751f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26442\api-ms-win-core-localization-l1-2-0.dll

Filesize
41KB

MD5
12c396b06ce51331cf9c1969e6877711

SHA1
278e0308a2b82de1162496b0f4796e27c72015a1

SHA256
aee13ba0406ac447c2a4ef6a5a08f87b3867d0a23ebdc1d941b92ce831f30a3a

SHA512
cb00e40d980b3a576012712263cbc523c06ea32aa7d70e7c6c192405ec150e5adb83d5b4daf27c6f79fbd98f1b34a8ec71ee57ecc771f0ff131df3e724d9a585

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26442\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
41KB

MD5
90921e5f13b3802a85d168c37a33bc40

SHA1
36bf20e3a739511d506b0b89001be1c144d3a022

SHA256
a013569c40698983a5d5d5ff1ce4189d00e2c4810c6ffd3d18453067390b3eae

SHA512
af3c3bd51b51b093fb1f5450b3cdd921e2e9ba4a4f6b8948626939d442a85437d093266e306d77ce679b285f433fe7ae00c0d827b8775cdaa928ebd641014674

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26442\api-ms-win-core-sysinfo-l1-2-0.dll

Filesize
41KB

MD5
cb4a7cfd345a7524fcf8d55b914ab5d8

SHA1
c282ab5761a900333d02d7041a137efe0a856c02

SHA256
304944b6bd9c5b87e6607eaff5c1c473f48b952bb02545f195fafa610d6efc3f

SHA512
87c67cadc9adf0135f990e29668d8b9c8c6845bc8deef1deba062294d9568f7bebe22531fbcd89ab22da9ceda481d97ed9bb8e55ab67fe3a12fbb3c922b5a850

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26442\api-ms-win-core-timezone-l1-1-0.dll

Filesize
41KB

MD5
abaa8d09a78200136033fa73610712c7

SHA1
bc39ef62b6d61c6952d3892becb194658c3a04b5

SHA256
c7f6425686a642c43554840add5ae1bc865e1525acab93598b5857e4b0b0f09d

SHA512
40ba5011a208ede2c5f9e1f93a41a064f70c27194a33f92b03dcf727516642a19a27a68daab9ac37b0baa82476318bfb02bd3b3eb735a65cd4e804497e23e705

Download Submit
memory/1776-216-0x000007FEF68F0000-0x000007FEF6F53000-memory.dmp

Filesize
6.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads