c06ab15812eb9fe8ba626190bc221396dfe6e66ca62765c5865cce788f7bb399

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-01-2025 06:43

Target

neverlose.exe
Size

43.1MB
MD5

cd758f6d4e553518a9da98b5199a3f55
SHA1

4753e1dc39c306c4bb801f115f9d82b81c69ccdb
SHA256

c06ab15812eb9fe8ba626190bc221396dfe6e66ca62765c5865cce788f7bb399
SHA512

1800e47de01f738789dbe91cbc4d7b6da145d5f84c7345c691d1c5515761a7446766b32067811c35d3e704b516ac70d786680439ab61a32bce1f7bc44688baf0
SSDEEP

786432:4zsZVl8ZP9L8fYEm1NOwouB9nP6SDgVESWqEetRLBblg/rGv5:4vP9L8wEmOeJDrqJtfbe/Sv5

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1936	neverlose.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0004000000020735-723.dat	upx
behavioral1/memory/1936-725-0x000007FEF6760000-0x000007FEF6D49000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1936	neverlose.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 1936	2640	neverlose.exe	28
PID 2640 wrote to memory of 1936	2640	neverlose.exe	28
PID 2640 wrote to memory of 1936	2640	neverlose.exe	28

C:\Users\Admin\AppData\Local\Temp\neverlose.exe
"C:\Users\Admin\AppData\Local\Temp\neverlose.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Users\Admin\AppData\Local\Temp\neverlose.exe
  "C:\Users\Admin\AppData\Local\Temp\neverlose.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1936

C:\Users\Admin\AppData\Local\Temp\_MEI26402\python311.dll

Filesize
1.6MB

MD5
1dee750e8554c5aa19370e8401ff91f9

SHA1
2fb01488122a1454aa3972914913e84243757900

SHA256
fd69ba232ba3b03e8f5faea843919a02d76555900a66a1e290e47bc8c0e78bfa

SHA512
9047a24a6621a284d822b7d68477c01c26dc42eccc4ccc4144bfd5d92e89ea0c854dc48685268f1ae3ca196fd45644a038a2c86d4c1cc0dbf21ca492aece0c9e

Download Submit
memory/1936-725-0x000007FEF6760000-0x000007FEF6D49000-memory.dmp

Filesize
5.9MB

Download
memory/1936-726-0x000007FEF6760000-0x000007FEF6D49000-memory.dmp

Filesize
5.9MB

Download