bb44b03832153b6d62a46691ae7d769ddbe3ce173e05f680a4b9de8e176c2afa

Analysis

max time kernel
6s
max time network
4s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
06-01-2025 00:37

Target

upx.exe
Size

7.5MB
MD5

b7a45da036ef5d49e3368b1cddc4b29a
SHA1

0d07db7e05b527f0413203b9e10136d4aa9b7bdc
SHA256

bb44b03832153b6d62a46691ae7d769ddbe3ce173e05f680a4b9de8e176c2afa
SHA512

f22060395770ae1af66d671071cec49d58407b47105789973afa5164234584159cb023bc843b37537c74aee28444ba5766305fddc5a7731a7ebb3fbb99f8b420
SSDEEP

196608:yDgFGwfI9jUC2gYBYv3vbWY+iITm1U6fd1Ei:9FtIH2gYBgDW/TOzbF

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2992	upx.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a480-21.dat	upx
behavioral1/memory/2992-23-0x000007FEF5910000-0x000007FEF5FD5000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2992	3048	upx.exe	30
PID 3048 wrote to memory of 2992	3048	upx.exe	30
PID 3048 wrote to memory of 2992	3048	upx.exe	30

C:\Users\Admin\AppData\Local\Temp\upx.exe
"C:\Users\Admin\AppData\Local\Temp\upx.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Users\Admin\AppData\Local\Temp\upx.exe
  "C:\Users\Admin\AppData\Local\Temp\upx.exe"
  2⤵
  - Loads dropped DLL
  PID:2992

C:\Users\Admin\AppData\Local\Temp\_MEI30482\python312.dll

Filesize
1.7MB

MD5
6f7c42579f6c2b45fe866747127aef09

SHA1
b9487372fe3ed61022e52cc8dbd37e6640e87723

SHA256
07642b6a3d99ce88cff790087ac4e2ba0b2da1100cf1897f36e096427b580ee5

SHA512
aadf06fd6b4e14f600b0a614001b8c31e42d71801adec7c9c177dcbb4956e27617fa45ba477260a7e06d2ca4979ed5acc60311258427ee085e8025b61452acec

Download Submit
memory/2992-23-0x000007FEF5910000-0x000007FEF5FD5000-memory.dmp

Filesize
6.8MB

Download