c015f2732beac7532552b3b4f58c07b89743484afacf27287cac5e48cc83e3aa

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20241023-de
resource tags

arch:x64arch:x86image:win7-20241023-delocale:de-deos:windows7-x64systemwindows
submitted
19-12-2024 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

81.9MB
MD5

b60a7b301b3b495e0c84adfa3149a4fd
SHA1

4232c412ba55fcc46d32111df3f359853c1de33c
SHA256

c015f2732beac7532552b3b4f58c07b89743484afacf27287cac5e48cc83e3aa
SHA512

d6512751c4d4c4aa394c81a93c3fc9d314ab98bd9daf28c5040f2b5b3edbbbdb608b3dc602e9a00a95a0dacbbf8f29bd4d21963fb014bfa94eba560af5ca489f
SSDEEP

1572864:iGKlEWFsmwSk8IpG7V+VPhqYdfmE7FliwiYgj+h58sMwCyMwiDENjwJq:rKeYsmwSkB05awcfNwy5myMjW

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2560	source_prepared.exe
2560	source_prepared.exe
2560	source_prepared.exe
2560	source_prepared.exe
2560	source_prepared.exe
2560	source_prepared.exe
2560	source_prepared.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0003000000020b46-1319.dat	upx
behavioral1/memory/2560-1320-0x000007FEF62C0000-0x000007FEF68B2000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2560	2932	source_prepared.exe	32
PID 2932 wrote to memory of 2560	2932	source_prepared.exe	32
PID 2932 wrote to memory of 2560	2932	source_prepared.exe	32

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Loads dropped DLL
  PID:2560

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI29322\ucrtbase.dll

Filesize
1.1MB

MD5
14af9c0c20388e7d992baa016815f7b2

SHA1
8a1477607bf73b3e4901f08a226ef8c6659c97de

SHA256
43cafe3b16453f1b213da185fab4951fc550678a410366be77e2a3cd00ed5f92

SHA512
ac69aa4bd2d8c9caece76bd45f49bb9542cb91f28f7408d6e0a2d98af30ebbf615a9e0b5950e9836c202dbc3c929b14eee167418c136e31a1073e3baed4340d4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
d21990615e2a9feb29613cffddce5da0

SHA1
a701b95716677409e8997e3affccb38a7332efd3

SHA256
e374718baaeb789c0893bd906e491fabff6fab9b1abad826a962bf86b89d4896

SHA512
20f7734713ade34c6e26cc8b69f48243b878aa19e6764d17688214e8fe0d03bc775dae62e368a3a81d14879214ba7388fc1ac31a58ae1bd375951ee80a84098a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
6ee594309656724d72e52d1bce38aa6c

SHA1
9f4376d8855c783486dd31a9e89984bc44d70e8c

SHA256
90319c14d93d2efe2aa9c48af44e41b662445b1c05e6f7ed8c6c3329b9a3c2f2

SHA512
5ff55e8fb3050399ca7c98bbf43b64bff90ca11d094b9144f886df9b1df98b6ec501c29f0eb7c6251f5c07405c8bb2dc24249e9d36f45b6d93d7e790eea987d4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
a56cb984f78ef81747eb06929e51608d

SHA1
da3bd23b420aabb4d788a1d487de97ac6d6f1f8e

SHA256
765f94c4e1c2639b32c6c218d2ffc73633101430670e0eab92a9b9dce1132fc0

SHA512
bf3b77089b8a1ae018ba5d90912fc60853fa2a078034837f9b17c0c9c13f44d7440600f118685741f48c52c4b30115e6d943ca35f437f005cab12ad3adc9f699

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
642b5d00c665764485253799da0208d0

SHA1
848247b2981525160f264aa5c169158035edd5e5

SHA256
3c512ab982b1791b06866694efc115ea4da4e49166a14b28b90689830b8915c2

SHA512
bd946660ad98a437e31b627b96aa029952e34903c82cfccfc9b8027c9eb22bb0c58b4a716fb73f6b5cdb47d2a081b15b472f84ae8fffde2d4048410d65faae47

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
8b181083e2598b6c19d9749f65fb0ed2

SHA1
23ca8d38e5e02229a1092512b8260a531472f092

SHA256
7517445bc875e8fdb109fbba7aa68d9aab26eeea75c3e8a3bc38904d1aa374cc

SHA512
5c2d2ad4a587eb28e2d30ed66c6a01fa056487aba998f6c276b31cf4d3c02395c85966c02fbf789fe4674fdc96108d8639d9cb03f355ca9ddeec4b170cd8e971

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\python311.dll

Filesize
1.6MB

MD5
548809b87186356c7ac6421562015915

SHA1
8fa683eed7f916302c2eb1a548c12118bea414fa

SHA256
6c65da37cf6464507ad9d187a34f5b5d61544b83d831547642d17c01852599a1

SHA512
c0b63bf9908e23457cf6c2551219c7951bc1a164f3a585cde750b244fa628753ee43fde35f2aa76223fd9f90cf5ea582241ab510f7373a247eae0b26817198fc

Download Submit
memory/2560-1320-0x000007FEF62C0000-0x000007FEF68B2000-memory.dmp

Filesize
5.9MB

Download
memory/2560-1321-0x000007FEF62C0000-0x000007FEF68B2000-memory.dmp

Filesize
5.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads