fd423dc5c37065f1bef1c9acacb859f0f6d8bb779d6f24a0c8f3bf8f2585f1a8

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
15/12/2024, 22:47 UTC

Target

source_prepared.exe
Size

30.5MB
MD5

a76406bff5ba7a0228ba232cc2ecfee7
SHA1

023b9097a4beca140cfba5f1c15d747ebf6ec070
SHA256

fd423dc5c37065f1bef1c9acacb859f0f6d8bb779d6f24a0c8f3bf8f2585f1a8
SHA512

d7838d367158ece880c13cb063665e5fc18b8c1af4368e457cfa60a0b3594d064686d4ffd5bace79a82fab61106772ded5b67a7a3f5b6a0d92997b9d8adeb605
SSDEEP

786432:5iIZRZW8FPm1N2+9qxqzcY876K3v1n8vSFumJWoIQ8lZ:EEWSm2+9E7z1XFu0H2

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
748	source_prepared.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020987-1109.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 748	1624	source_prepared.exe	30
PID 1624 wrote to memory of 748	1624	source_prepared.exe	30
PID 1624 wrote to memory of 748	1624	source_prepared.exe	30

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Loads dropped DLL
  PID:748

C:\Users\Admin\AppData\Local\Temp\_MEI16242\python312.dll

Filesize
1.8MB

MD5
cfa2e5cdda9039831f12174573b20c7b

SHA1
c63a1ffd741a85e483fc01d6a2d0f7616b223291

SHA256
b93e682bddb5c3e2af1f0264e83fbc40481fe6abd90c3ab26e94f246c8ce8d7d

SHA512
f1ac568bd1a16d5ab2623ac42a83aed32d9867a0e016e0ac3c922f28ceb1bb7e114dab44553949008a6e2fd3bb67fc2be8fc283560d9f4b1f1552137a0c104aa

Download Submit
memory/748-1111-0x000007FEF5DC0000-0x000007FEF6498000-memory.dmp

Filesize
6.8MB

Download