074d927ddfcd2dd18390c666a51e078909d3fdc1c7f7e069bda0550947c0418b

Analysis

max time kernel
7s
max time network
6s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19-12-2024 14:26

Target

NeverLose.exe
Size

5.9MB
MD5

5cbb0d08ce5143a418f159df08a00bd3
SHA1

2abb336433c978692a62ce3cfe637b0657d1aa36
SHA256

f40711cbefdd42c0f13fa4ae65bb1be4bd0759ce919fddf591d761499dcf9c9e
SHA512

5880c58301a4457ac67d6f84c38f06723fa257c1bcb58c4bd8e98bdb5cc5dc0f36733d62141b93d794f097559a0324ce7aa79014c5f9e0a1bb87897ea68ce620
SSDEEP

98304:DfmoDUN43WQqkjOjFgFEblNHYSxTpirSHcUR43zrwkdA8QJCKC7bN3mb6actMFgZ:DfumWQBOjmFwDRxtYSHdK34kdai7bN3t

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2240	NeverLose.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a46d-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2240	2100	NeverLose.exe	30
PID 2100 wrote to memory of 2240	2100	NeverLose.exe	30
PID 2100 wrote to memory of 2240	2100	NeverLose.exe	30

C:\Users\Admin\AppData\Local\Temp\NeverLose.exe
"C:\Users\Admin\AppData\Local\Temp\NeverLose.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Users\Admin\AppData\Local\Temp\NeverLose.exe
  "C:\Users\Admin\AppData\Local\Temp\NeverLose.exe"
  2⤵
  - Loads dropped DLL
  PID:2240

C:\Users\Admin\AppData\Local\Temp\_MEI21002\python310.dll

Filesize
1.4MB

MD5
4a6afa2200b1918c413d511c5a3c041c

SHA1
39ca3c2b669adac07d4a5eb1b3b79256cfe0c3b3

SHA256
bec187f608507b57cf0475971ba646b8ab42288af8fdcf78bce25f1d8c84b1da

SHA512
dbffb06ffff0542200344ea9863a44a6f1e1b783379e53df18580e697e8204d3911e091deb32a9c94b5599cdd54301b705b74e1f51104151cf13b89d57280a20

Download Submit
memory/2240-23-0x000007FEF6700000-0x000007FEF6B66000-memory.dmp

Filesize
4.4MB

Download