b3f3b2509384e16b578e69b3702074f91d76dd43dffc7f427072346d30900140

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-01-2025 21:12

Target

Launcher.exe
Size

5.9MB
MD5

e632dad63d85e326f996d29455a73c5e
SHA1

b2790f28c60841c2cfd9334dc2b3d35a68965e56
SHA256

b3f3b2509384e16b578e69b3702074f91d76dd43dffc7f427072346d30900140
SHA512

8e68cecd310c0a7a27076b2d6f53b9b578e641d46d554ebf5fca33baac2741d8a501cb2728cf7870dc7a42dac8a2077bf1103a3ef190efb880035aec8ba5247a
SSDEEP

98304:+/De7pzfmyck8MMhJMjarCtaCObO/OH9KkqQz4W1kgeD2FMZi3+ML4eB:+SNzpqB6yA+KO0WRPiZkL4eB

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2092	Launcher.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00050000000193c8-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 2092	2484	Launcher.exe	30
PID 2484 wrote to memory of 2092	2484	Launcher.exe	30
PID 2484 wrote to memory of 2092	2484	Launcher.exe	30

C:\Users\Admin\AppData\Local\Temp\Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Launcher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Users\Admin\AppData\Local\Temp\Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\Launcher.exe"
  2⤵
  - Loads dropped DLL
  PID:2092

C:\Users\Admin\AppData\Local\Temp\_MEI24842\python310.dll

Filesize
1.4MB

MD5
3f782cf7874b03c1d20ed90d370f4329

SHA1
08a2b4a21092321de1dcad1bb2afb660b0fa7749

SHA256
2a382aff16533054e6de7d13b837a24d97ea2957805730cc7b08b75e369f58d6

SHA512
950c039eb23ed64ca8b2f0a9284ebdb6f0efe71dde5bbf0187357a66c3ab0823418edca34811650270eea967f0e541eece90132f9959d5ba5984405630a99857

Download Submit
memory/2092-23-0x000007FEF5A80000-0x000007FEF5EE6000-memory.dmp

Filesize
4.4MB

Download