fbf9307835fbb1092a204e7a770b10b17c9b328ba3fd03bb6ad49cd3b0827512

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
26/12/2024, 10:54

Target

source_prepared.exe
Size

72.3MB
MD5

a4bb79deffe43c01a248c58584169aee
SHA1

a7bc17c0d8826dfb337021849573829872cc509e
SHA256

fbf9307835fbb1092a204e7a770b10b17c9b328ba3fd03bb6ad49cd3b0827512
SHA512

6084096bc5845aa586bd94221f618f6278ac9e04283cb5bfd49a5d8255e77bc18b14a507eeb710639ceba1ad6e68d96589def74743245dbf770b6ecb03f201b7
SSDEEP

1572864:HhlAWDZomcSk8IpG7V+VPhqerE7WIlKTiY4MHHLeqPNLtDaBpLbZzTUx:HhW4ZomcSkB05awehIMEMHVLtmBpLbt

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2132	source_prepared.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020a94-1261.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2132	2096	source_prepared.exe	31
PID 2096 wrote to memory of 2132	2096	source_prepared.exe	31
PID 2096 wrote to memory of 2132	2096	source_prepared.exe	31

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Loads dropped DLL
  PID:2132

C:\Users\Admin\AppData\Local\Temp\_MEI20962\python310.dll

Filesize
1.4MB

MD5
190fa7c1e8fbbadd8a23ca249905ae87

SHA1
366dedb6de0d3134b00b558073948ce917143a08

SHA256
77e4b8d08215e745332043f56d5d7113e0475c7f21ec5f832c633013c05f10d1

SHA512
49f59c7aaf3f276bbda3ea145631443de8a22eaf162d8419ccc3d421d30397b6260db2b48da9f6a0691b3694e285d451e2aaf1964146a9cd9fe73e520a20ed41

Download Submit
memory/2132-1263-0x000007FEF6430000-0x000007FEF6895000-memory.dmp

Filesize
4.4MB

Download