b80f1d4d7630f0a85f6147123498b9e7c96db67b2b0b375bb28c2f774d071d8a

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-01-2025 20:08

Target

Banana Raider.exe
Size

7.5MB
MD5

13d5b15b72085be2415b8a3eef8a9477
SHA1

1cfc42287bf2610802bd705ce03654c63c7fde2b
SHA256

b80f1d4d7630f0a85f6147123498b9e7c96db67b2b0b375bb28c2f774d071d8a
SHA512

39ae71c9ff9a667fc2170c646901fc3a0e83bd77db861de0db9a0a30fff955f8a5580985d0805571565bcb0d223d579298030662140c1e90e39417b4d4acf128
SSDEEP

98304:p5cJSi8TRiWurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EBKhOh112Y:pbCWurErvI9pWjgfPvzm6gsFE44frb

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
3044	Banana Raider.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00050000000194a7-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 3044	2236	Banana Raider.exe	30
PID 2236 wrote to memory of 3044	2236	Banana Raider.exe	30
PID 2236 wrote to memory of 3044	2236	Banana Raider.exe	30

C:\Users\Admin\AppData\Local\Temp\Banana Raider.exe
"C:\Users\Admin\AppData\Local\Temp\Banana Raider.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Users\Admin\AppData\Local\Temp\Banana Raider.exe
  "C:\Users\Admin\AppData\Local\Temp\Banana Raider.exe"
  2⤵
  - Loads dropped DLL
  PID:3044

C:\Users\Admin\AppData\Local\Temp\_MEI22362\python311.dll

Filesize
1.6MB

MD5
ccdbd8027f165575a66245f8e9d140de

SHA1
d91786422ce1f1ad35c528d1c4cd28b753a81550

SHA256
503cd34daed4f6d320731b368bbd940dbac1ff7003321a47d81d81d199cca971

SHA512
870b54e4468db682b669887aeef1ffe496f3f69b219bda2405ac502d2dcd67b6542db6190ea6774abf1db5a7db429ce8f6d2fc5e88363569f15cf4df78da2311

Download Submit
memory/3044-23-0x000007FEF5F90000-0x000007FEF6582000-memory.dmp

Filesize
5.9MB

Download