de8af9f7e1dd6baee89676f6eb45da2b578b1d4be47d9d3b1751bb98703503c8

Analysis

max time kernel
0s
max time network
1s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-01-2025 23:13

Target

loader.exe
Size

7.6MB
MD5

144f0413cbc37e7abfd03ef7db607bbb
SHA1

44db66912cc325e195f13ad26e3fb556d145aad8
SHA256

de8af9f7e1dd6baee89676f6eb45da2b578b1d4be47d9d3b1751bb98703503c8
SHA512

3c1371d814765ee755bb507a62628cb00ae49423d8079d1a8edfbd8d320799503c28bb27ee71933acf015e934b5c6b026d12fe89c904b7b24cfc597191919cfd
SSDEEP

196608:1cD+kdywfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWK:K5LIHL7HmBYXrYoaUNt

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1528	loader.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00050000000193a4-21.dat	upx
behavioral1/memory/1528-23-0x000007FEF5600000-0x000007FEF5C65000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 1528	2408	loader.exe	30
PID 2408 wrote to memory of 1528	2408	loader.exe	30
PID 2408 wrote to memory of 1528	2408	loader.exe	30

C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Users\Admin\AppData\Local\Temp\loader.exe
  "C:\Users\Admin\AppData\Local\Temp\loader.exe"
  2⤵
  - Loads dropped DLL
  PID:1528

C:\Users\Admin\AppData\Local\Temp\_MEI24082\python313.dll

Filesize
1.8MB

MD5
9a3d3ae5745a79d276b05a85aea02549

SHA1
a5e60cac2ca606df4f7646d052a9c0ea813e7636

SHA256
09693bab682495b01de8a24c435ca5900e11d2d0f4f0807dae278b3a94770889

SHA512
46840b820ee3c0fa511596124eb364da993ec7ae1670843a15afd40ac63f2c61846434be84d191bd53f7f5f4e17fad549795822bb2b9c792ac22a1c26e5adf69

Download Submit
memory/1528-23-0x000007FEF5600000-0x000007FEF5C65000-memory.dmp

Filesize
6.4MB

Download