d337d0a21751b5dd37d05039d9f78c8d9466d46a1ddb255f9321807178d3e4bb

Analysis

max time kernel
107s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
29-12-2024 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

53.0MB
MD5

01839a691e0d86bcf952fdff6180f035
SHA1

c8882f499bd8acd84f32a2743f1837313cd872b7
SHA256

d337d0a21751b5dd37d05039d9f78c8d9466d46a1ddb255f9321807178d3e4bb
SHA512

7e94a1aaf226f16ea112069811867f5d624d4a91f7ea39b5666645916d6f92f3f9acb5527b157b0938157eee8b981c142c27eff1a200a1396641d14e692c6e19
SSDEEP

1572864:g1lhW8XmUSk8IpG7V+VPhqYdfzE7OlhTdhDMlr:g13tXmUSkB05awcf3LJhw

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
1804	source_prepared.exe
1804	source_prepared.exe
1804	source_prepared.exe
1804	source_prepared.exe
1804	source_prepared.exe
1804	source_prepared.exe
1804	source_prepared.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0003000000020acc-1217.dat	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1804	source_prepared.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 1804	1628	source_prepared.exe	30
PID 1628 wrote to memory of 1804	1628	source_prepared.exe	30
PID 1628 wrote to memory of 1804	1628	source_prepared.exe	30

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI16282\python312.dll

Filesize
1.7MB

MD5
36e9be7e881d1dc29295bf7599490241

SHA1
5b6746aedac80f0e6f16fc88136bcdcbd64b3c65

SHA256
ebef43e92267a17f44876c702c914aafa46b997b63223ff46b12149fd2a2616e

SHA512
090d4e9092b7fe00180164b6f84b4bd1d1a1e12dc8fea042eaa0e75cc08bb9994c91c3853bedec390208db4ef2e3447cd9be20d7dc20c14e6deb52a141d554cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16282\ucrtbase.dll

Filesize
986KB

MD5
14f3d657b29c0de2f9f91a563cb0e4d7

SHA1
f7cea78693c4189e2d353cf3bc2c70fb4699575d

SHA256
ace7a1a8dc840c1d082e955f48b63fa29cfa30f7920b7df8d5dad05280d433a5

SHA512
dd7e447d9e1624ac0e6b8d835a6b026c6fabf5b5e05f653bc3bf31d1b4de8232c87cf84f052fe3048f3360fd101c2fd3ab7157e1def81789e6067e5a71dd9ecc

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16282\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
9552fdb73fe453fdb69e794d06b2ee61

SHA1
178e278fa9dc3ac7224bcd74722b19dd7aa70edb

SHA256
064c7b10c031d09a2b53bad9b77fd12ab20681531aa228f4bc84200f0391c75c

SHA512
48fc32dbf52bddb880ad9ca3f8004a95facc81ea4a6c942785fb80488e1a94f8b29881e19737959b628b0029f1b4ad562a19414e5bc59de04a7f683824ea0f2e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16282\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
726f825f41da2f50b7bf4e77c6270268

SHA1
d11a55a4972f37d244a965579abea2fdd6db167f

SHA256
1f904737b907864e16a74426f0af57dabf5cb105ae68bae5971afc3f3959cb2b

SHA512
361c25f553fc8040d6c837e18f84810c860d466831749db0a68281e888d0236111176aaa0f19af06d4810d70399264a0c7aa98cedad3171138b7000b2a33a921

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16282\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
ace9c9c8f8502f85373866dafb376d13

SHA1
7a335a70ea824db1a8747fc1da2f510878d0a8b5

SHA256
8fe02fbdd7812a562833e33c07caa547febc5e838c8e94b5212bb0e1ed12c0b2

SHA512
f34d3256fc04783207c70646aa21fc6e2a177b8e236695dc7888daf055cba5f6c53ce1382ca34ce82728f2dd87b26fee24c32fc1192cf0ca004be78d2bacea93

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16282\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
12KB

MD5
2a67a6efec3b636f32436c65e69673a9

SHA1
ce511b07ab01cae957c4ac92cc73cc219d00e6ba

SHA256
a6bf1902df0a767261a93cb47816ff0a120f1c41b5687d62b2d2ac9fd4027311

SHA512
adee1720ba1d972dca502c0f7ab6107ff71126207b33bdf94630b23cbab92b8b3bb83ac384ffce460cc59589c1ca28fd4683020a02dc0b646cb998be0700c39b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16282\api-ms-win-core-timezone-l1-1-0.dll

Filesize
12KB

MD5
47f93eaa16c98dd606b33b75ea781a24

SHA1
af32849d1b678f139d1c8bb4239e19833471ec24

SHA256
0eca1f24b7803c1f7e8d61486eaf9b84479a5ac6288046e1a3cd0059ccd4b69b

SHA512
4d9860f27feaffacca50f1ddcddc7f4d93ae5072a97e72e443022b8db0c51079c45c823ea1b8e852ab1b05233a3aea093c9131d7dfc982816a3442a4f409f7f5

Download Submit
memory/1804-1219-0x000007FEF6720000-0x000007FEF6DE5000-memory.dmp

Filesize
6.8MB

Download
memory/1804-1220-0x000007FEF6720000-0x000007FEF6DE5000-memory.dmp

Filesize
6.8MB

Download