ab52d663c36e8a339608aab77e15e11fe4aa1b9151b94fdb09b6ec1edad1290c

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 17:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

loader.exe
Size

17.6MB
MD5

77ac47934162a2c8a1da64fd28a2eaef
SHA1

4532fdd12ce246caa9e048875c49f129335ccc7c
SHA256

ab52d663c36e8a339608aab77e15e11fe4aa1b9151b94fdb09b6ec1edad1290c
SHA512

4f8b0232344c068e508dc383efb1642bfedbdef2732582805198a78aad6fb83ee7d52ba9afe2f60a45a2a4ac70cd709164107180971e8ddf477cdcf6a682e7d1
SSDEEP

393216:Denpi1m1Nqao+9/pWFlTRZ0br2W673KH:KpMm1Njo+9/pWIW36

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2444	loader.exe
2444	loader.exe
2444	loader.exe
2444	loader.exe
2444	loader.exe
2444	loader.exe
2444	loader.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001a4d1-98.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 2444	2624	loader.exe	30
PID 2624 wrote to memory of 2444	2624	loader.exe	30
PID 2624 wrote to memory of 2444	2624	loader.exe	30

C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Users\Admin\AppData\Local\Temp\loader.exe
  "C:\Users\Admin\AppData\Local\Temp\loader.exe"
  2⤵
  - Loads dropped DLL
  PID:2444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI26242\python311.dll

Filesize
1.6MB

MD5
db09c9bbec6134db1766d369c339a0a1

SHA1
c156d9f2d0e80b4cf41794cd9b8b1e8a352e0a0b

SHA256
b1aac1e461174bbae952434e4dac092590d72b9832a04457c94bd9bb7ee8ad79

SHA512
653a7fff6a2b6bffb9ea2c0b72ddb83c9c53d555e798eea47101b0d932358180a01af2b9dab9c27723057439c1eaffb8d84b9b41f6f9cd1c3c934f1794104d45

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26242\ucrtbase.dll

Filesize
1.1MB

MD5
3b337c2d41069b0a1e43e30f891c3813

SHA1
ebee2827b5cb153cbbb51c9718da1549fa80fc5c

SHA256
c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7

SHA512
fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26242\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
7af4a47eb3649c87e6508273f7c442d2

SHA1
60a71893ffe062d1efd50bf64c8c52e007eef75f

SHA256
41d981933ed13460e1b567c6ac379d471d9b93085ac682d3a55fa56469b312f8

SHA512
c8663b56c8c1c227261276bde5a216a1aa90eba0629d1267b58c30dbce8f005ace16069991742817f07a1b504cd26a55f2c226cdd3cfb211443b2936f1b92ca4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26242\api-ms-win-core-file-l2-1-0.dll

Filesize
20KB

MD5
50abf0a7ee67f00f247bada185a7661c

SHA1
0cddac9ac4db3bf10a11d4b79085ef9cb3fb84a1

SHA256
f957a4c261506484b53534a9be8931c02ec1a349b3f431a858f8215cecfec3f7

SHA512
c2694bb5d103baff1264926a04d2f0fe156b8815a23c3748412a81cc307b71a9236a0e974b5549321014065e393d10228a0f0004df9ba677f03b5d244a64b528

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26242\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
fc53a106dab19af6688b67904a36c08a

SHA1
f24ed7509557a1c0d5df37140e35f51a4bda5bc4

SHA256
91a3699844ddd7fb89f0d169aaf0016dc5d08fcb0993d0ebf8e0b0f81a359163

SHA512
a267f84bb52aeadb79609519f1f25f6e3c6b87678ecf9e05cd95055f97e565601d4204382ea24ab20f5e6c9b86684c1eabc8bf26a2828a4da0661cce42e75b1c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26242\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
f7735e120f85686d4cc95ffaec44f265

SHA1
3358d72e006cdc15dbc3e6e3990bdb1b12fcb153

SHA256
544496a7c788cf654525ac3a251afc1e0ee2388312049463be601e39266bd3ec

SHA512
291e26bfa539c3284e57bbb666c9900aa20c4f4da57d94f7b4e93f1a54e7d29bb735abb7df2978d233da7766083cb2e6cd4f5b7706e995bd940cec801a696aea

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26242\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
54f67f4836863b70e4176ebf6575535f

SHA1
edb6b54053961be5fe0d65cdaf1245d3e8f15eeb

SHA256
2663e7d276be5a3b39cabb680d856adfc1b9669e10ef01a7866219f6e81a1d43

SHA512
9a7874ceaef6ab7c9ca16a4493f9a45c81b4207f6ab39d609f73e52fc56fcea81d18042539b937a0db36cbcfb6dcb75703666b246d3c76394b73862b981a068a

Download Submit
memory/2444-100-0x000007FEF5630000-0x000007FEF5C18000-memory.dmp

Filesize
5.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads