Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2024, 13:10

General

  • Target

    source_prepared.exe

  • Size

    77.6MB

  • MD5

    6b88c4b0e3f31deff8590388e12e8bd2

  • SHA1

    8539df82068b2466b34a5ec8c8f13e0301cc9af1

  • SHA256

    3e197ab8e6f5966b8b4420a7c23261e6691fddf9850c0bb47ce7ec2dd51b8409

  • SHA512

    1f1587480373b9a2e0f79a9d1707d26681e0358dcca32a80eb4d5536fb5926e96e7abf824f215c5466c6c7faf826b6246a9e47b88478780cb4a5aa5eb72da197

  • SSDEEP

    1572864:f1l2WimUSk8IpG7V+VPhqFxE7alh8qAiYweyJulZUdgg4yZgUKd72:f1szmUSkB05awFlLrpus4qYZ2

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
    "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
      "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
      2⤵
      • Loads dropped DLL
      PID:1020

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI26722\api-ms-win-core-file-l1-2-0.dll

          Filesize

          19KB

          MD5

          ac28edb5ad8eaa70ecbc64baf3e70bd4

          SHA1

          1a594e6cdc25a6e6be7904093f47f582e9c1fe4d

          SHA256

          fbd5e958f6efb4d78fd61ee9ee4b4d1b6f43c1210301668f654a880c65a1be86

          SHA512

          a25b812b9fa965af5f7de5552e2c2f4788a076af003ac0d94c3b2bc42dd9ab7e69af2438ce349b46a3387bf2bfcf27cec270d90ca6a44c9690861331c9e431e1

        • C:\Users\Admin\AppData\Local\Temp\_MEI26722\api-ms-win-core-file-l2-1-0.dll

          Filesize

          19KB

          MD5

          b5832f1e3a18d94cd855c3d8c632b30d

          SHA1

          6315b40487078bbafb478786c42c3946647e8ef3

          SHA256

          9f096475d4ba1533f564dd4a1db5dfeb620248fe14518042094b922539dc13e3

          SHA512

          f3016ded97591e25a6d4c70d89251a331402455ab589604e55c486fec37ee8e96bd1be2d4e4e59ba102dad696b3e1f754b699f9ebe8ae462e8b958ed2d431a5b

        • C:\Users\Admin\AppData\Local\Temp\_MEI26722\api-ms-win-core-localization-l1-2-0.dll

          Filesize

          19KB

          MD5

          fd59ee6be2136782225dcd86f8177239

          SHA1

          494d20e04f69676c150944e24e4fa714a3f781ca

          SHA256

          1fd044fdbc424779b01b79d477ee79dfbb508a04e86c62e1c8fc4f6d22f6a16a

          SHA512

          2250d54c3b9e6aeb2f5406e1428536564357a48ceab51596b33ff0843086fb420ad886af61725b25a58e2f50a4c17ddee10696d6041db9b60891eff8e495775c

        • C:\Users\Admin\AppData\Local\Temp\_MEI26722\api-ms-win-core-processthreads-l1-1-1.dll

          Filesize

          19KB

          MD5

          8ff0692d32f2fcb0b417220b98f30364

          SHA1

          5eeb1d781d44e4885284c8b535f051efca64aef8

          SHA256

          53cea73c248a49389bc2da01acac1d8e8022a7e034bcd522306e43a937200897

          SHA512

          f73249f70953c537da02b890308cb18a9c6676401975bf13aeb61b1db9dfa042e908c52ee266b404948a568b23b0cfb37ecd4b80379c398c15f56ce7a82cf7a5

        • C:\Users\Admin\AppData\Local\Temp\_MEI26722\api-ms-win-core-timezone-l1-1-0.dll

          Filesize

          19KB

          MD5

          863ed806b4f16be984b4f1e279a1f99b

          SHA1

          b9a919216ef90064ac66b12ccde6b3bf1f334ee8

          SHA256

          171ca9df2b9ecfa545748af724c1c56ab396b299503a14c4da2197b0e5a44401

          SHA512

          fb8f195d9a1885c16aa2cc6eff38e627ea127b18978016d6046dc0120a19ab40cc4fe4b799c06f133b02f7cd6a634ae1665f05f9be5fcae609229dfaae0ce478

        • C:\Users\Admin\AppData\Local\Temp\_MEI26722\python312.dll

          Filesize

          1.7MB

          MD5

          ce6ed19bcc516117af8d40d34707a52b

          SHA1

          b60be8c9cee76c2cbbbe168b7c631bc5e434e5e2

          SHA256

          52303626cdd89dd70dac6176aa11d2ec359789fc75b0ff2ab627cb9cf19d86b9

          SHA512

          127b8cd85e73210a202c1028037287b7948febf426cc743ed6483ec446174f57401c1e41426356fa7d207af3b2d175b38acb333b4f462a9e8f41969a6a761085

        • C:\Users\Admin\AppData\Local\Temp\_MEI26722\ucrtbase.dll

          Filesize

          1.1MB

          MD5

          988755316d0f77fc510923c2f7cd6917

          SHA1

          ccd23c30c38062c87bf730ab6933f928ee981419

          SHA256

          1854cd0f850da28835416e3b69ed6dae465df95f8d84e77adbbc001f6dbd9d78

          SHA512

          8c52210a919d9f2856f38bd6a59bbc039506650a7e30f5d100a5aa5008641707122ff79f6f88c268c9abc9f02ba2792eed6aad6a5c65891a9ce7d6d5f12c3b0a

        • memory/1020-1323-0x000007FEF6B70000-0x000007FEF7232000-memory.dmp

          Filesize

          6.8MB