a61eb881291e75bdd460568fa7b88237517597b4bdad6cf3c86584de1379afc7

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
27-12-2024 21:28

Target

fluxus.exe
Size

73.5MB
MD5

d3e92d7f380607d8b4d230eefd3a12e3
SHA1

cf9ab3e50b4684153348098fea91d800f359cda4
SHA256

a61eb881291e75bdd460568fa7b88237517597b4bdad6cf3c86584de1379afc7
SHA512

122ae0ff4e576913166294298d809e34c72b933696969fec51d78410647a6809c66e935053019f4e699fe08f749144199b725ea2787d346dea881921ac244d02
SSDEEP

1572864:b1l+WdXmUSk8IpG7V+VPhqFxE7glhWiYweyJulZUdgUztCAuPd72:b1s0XmUSkB05awF1LLpuQMhZ2

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2400	fluxus.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00030000000208b1-1183.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2400	2644	fluxus.exe	30
PID 2644 wrote to memory of 2400	2644	fluxus.exe	30
PID 2644 wrote to memory of 2400	2644	fluxus.exe	30

C:\Users\Admin\AppData\Local\Temp\fluxus.exe
"C:\Users\Admin\AppData\Local\Temp\fluxus.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Users\Admin\AppData\Local\Temp\fluxus.exe
  "C:\Users\Admin\AppData\Local\Temp\fluxus.exe"
  2⤵
  - Loads dropped DLL
  PID:2400

C:\Users\Admin\AppData\Local\Temp\_MEI26442\python312.dll

Filesize
1.7MB

MD5
ebd1e51a1a1c1534f1695bc71beecbe0

SHA1
280b29f98df389d5f239fc54d71b258b07a5d290

SHA256
3ac7db2567f747a6a16447bc559a6aa20ba846ff9a6fdaf25f2b301a95889b90

SHA512
2db7e56fb166ea95cadfd3eec13a003727b33dc56e07c6628d0ac3a07f3ac95075af8be09317151037c6bdc8c6d451f2fb8041598d3d68d593a2964fea0fe0e4

Download Submit
memory/2400-1185-0x000007FEF6020000-0x000007FEF66E1000-memory.dmp

Filesize
6.8MB

Download