fab1dac490d27a14ae7ddde7c9837b64dfb84e28e6d6b4a6f650f6aff3d5b350

Analysis

max time kernel
4s
max time network
1s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 17:54

Target

SolaraV3.exe
Size

10.0MB
MD5

c842c92e0f6c35fac35311e609b89f0b
SHA1

db58748fac5372dc4648a08765352cfc6dad59ef
SHA256

fab1dac490d27a14ae7ddde7c9837b64dfb84e28e6d6b4a6f650f6aff3d5b350
SHA512

4353cb9463b1eb6db6288b1add399d5f05858833bf72d04c7bc70270602019eb7134f55a0e44cbc92fe0d27ef519726f09f3f0621d05c07f3e99a884ede07804
SSDEEP

196608:vGD+kdlYvI3SnGK2Fjtwkvi3xPQDwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNp:u5rM9j2FjWkIowIHL7HmBYXrYoaUNp

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2680	SolaraV3.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019266-22.dat	upx
behavioral1/memory/2680-24-0x000007FEF6280000-0x000007FEF68E5000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2680	2100	SolaraV3.exe	31
PID 2100 wrote to memory of 2680	2100	SolaraV3.exe	31
PID 2100 wrote to memory of 2680	2100	SolaraV3.exe	31

C:\Users\Admin\AppData\Local\Temp\SolaraV3.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraV3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Users\Admin\AppData\Local\Temp\SolaraV3.exe
  "C:\Users\Admin\AppData\Local\Temp\SolaraV3.exe"
  2⤵
  - Loads dropped DLL
  PID:2680

C:\Users\Admin\AppData\Local\Temp\_MEI21002\python313.dll

Filesize
1.8MB

MD5
9a3d3ae5745a79d276b05a85aea02549

SHA1
a5e60cac2ca606df4f7646d052a9c0ea813e7636

SHA256
09693bab682495b01de8a24c435ca5900e11d2d0f4f0807dae278b3a94770889

SHA512
46840b820ee3c0fa511596124eb364da993ec7ae1670843a15afd40ac63f2c61846434be84d191bd53f7f5f4e17fad549795822bb2b9c792ac22a1c26e5adf69

Download Submit
memory/2680-24-0x000007FEF6280000-0x000007FEF68E5000-memory.dmp

Filesize
6.4MB

Download