93c167471e24bf32c8ffdcbf47bfd4cd2eb7f14585f7d69805be894081defa80

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
31-01-2025 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

9.8MB
MD5

1a34592745ffef8d2b7276d4509e0465
SHA1

250ee4c27cf4c1021dd287567c315d611515f5a5
SHA256

93c167471e24bf32c8ffdcbf47bfd4cd2eb7f14585f7d69805be894081defa80
SHA512

b462dfd5071508340090462163b89522c42f45fcddc4f23678955db8f6b7828e615a0b1ee50210f70a9a9d52b464c9bc8a78377d7b7ac96be2e7de8cc7491c00
SSDEEP

196608:vz1yCcXpNfFNOxokdlwfI9jKCQB7m+mKOY7r0ZuSojfPX5mhcT8zs+bnTNJ:LACCFNOd8IZu7HmBY06TPX8FN

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
3220	source_prepared.exe
3220	source_prepared.exe
3220	source_prepared.exe
3220	source_prepared.exe
3220	source_prepared.exe
3220	source_prepared.exe

UPX packed file 30 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000a000000023b61-29.dat	upx
behavioral1/memory/3220-33-0x00007FFA61DD0000-0x00007FFA62435000-memory.dmp	upx
behavioral1/files/0x000a000000023b48-35.dat	upx
behavioral1/files/0x000a000000023b56-39.dat	upx
behavioral1/memory/3220-59-0x00007FFA7A2A0000-0x00007FFA7A2AF000-memory.dmp	upx
behavioral1/files/0x000a000000023b55-62.dat	upx
behavioral1/memory/3220-61-0x00007FFA78EA0000-0x00007FFA78EB4000-memory.dmp	upx
behavioral1/files/0x000a000000023b4b-60.dat	upx
behavioral1/files/0x000a000000023b52-58.dat	upx
behavioral1/files/0x000a000000023b51-57.dat	upx
behavioral1/files/0x000a000000023b50-56.dat	upx
behavioral1/files/0x000a000000023b4f-55.dat	upx
behavioral1/files/0x000a000000023b4e-54.dat	upx
behavioral1/files/0x000a000000023b4d-53.dat	upx
behavioral1/files/0x000a000000023b4c-52.dat	upx
behavioral1/files/0x000a000000023b4a-50.dat	upx
behavioral1/files/0x000a000000023b49-49.dat	upx
behavioral1/files/0x000a000000023b47-48.dat	upx
behavioral1/files/0x000a000000023b46-47.dat	upx
behavioral1/files/0x0009000000023b76-46.dat	upx
behavioral1/files/0x0008000000023b71-45.dat	upx
behavioral1/files/0x000e000000023b68-44.dat	upx
behavioral1/files/0x000b000000023b59-43.dat	upx
behavioral1/files/0x000b000000023b58-42.dat	upx
behavioral1/files/0x000b000000023b57-41.dat	upx
behavioral1/memory/3220-38-0x00007FFA773F0000-0x00007FFA77417000-memory.dmp	upx
behavioral1/memory/3220-63-0x00007FFA616D0000-0x00007FFA61C03000-memory.dmp	upx
behavioral1/memory/3220-64-0x00007FFA61DD0000-0x00007FFA62435000-memory.dmp	upx
behavioral1/memory/3220-65-0x00007FFA773F0000-0x00007FFA77417000-memory.dmp	upx
behavioral1/memory/3220-71-0x00007FFA78EA0000-0x00007FFA78EB4000-memory.dmp	upx

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3424 wrote to memory of 3220	3424	source_prepared.exe	83
PID 3424 wrote to memory of 3220	3424	source_prepared.exe	83

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Loads dropped DLL
  PID:3220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI34242\VCRUNTIME140.dll

Filesize
117KB

MD5
862f820c3251e4ca6fc0ac00e4092239

SHA1
ef96d84b253041b090c243594f90938e9a487a9a

SHA256
36585912e5eaf83ba9fea0631534f690ccdc2d7ba91537166fe53e56c221e153

SHA512
2f8a0f11bccc3a8cb99637deeda0158240df0885a230f38bb7f21257c659f05646c6b61e993f87e0877f6ba06b347ddd1fc45d5c44bc4e309ef75ed882b82e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\_asyncio.pyd

Filesize
39KB

MD5
c5031bc5c34e95446adb68cba92345d3

SHA1
f524fde03dfef13799d5ddb4758a7386031580d9

SHA256
863696947c1988772f279581619017fa6995123c4db6f32298aa43f481952abc

SHA512
12223fe85d78f1d714095669966d6d8b0af98410b55034cc36c47e2c2334db23e79bbf007214e3d48d49f30516dd44382431b7fbf04f585931b66057f777b98c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\_bz2.pyd

Filesize
49KB

MD5
041c3a1ba71868d4daeb6d0906a38b28

SHA1
8aa225f0fc86534c2c6526004afdb5d652717daf

SHA256
025ec23249cb7fec75178b51627fbb57bbe1f55adb294353e22c4ce153801345

SHA512
54e790335fe76505c710b7039bbcb37b25d4325b279e216135b75af9221cc3061b7cf55fab8b3fb5c684af9890c6394bb4a44d7e27a667aefeb5b50144bd7608

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\_ctypes.pyd

Filesize
63KB

MD5
820451c7be66ef544219c74ee35007d0

SHA1
0e3e3cf7659eff9d46072614461e71076d14dd3e

SHA256
90777ea54bda95e8787f539e49a8e56c9228b1059bb4e47935799d55d54cf53e

SHA512
092c741f1081c5e9c5aec87252561e6b30b7513bc0aa93df2ea85d8f50eec7a1918c6a7c09c682175a04e09649129cd7d07cfaa24967295a2a1f893bc080a45a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\_decimal.pyd

Filesize
119KB

MD5
cdf3648d66e392f550790fd3ed25d9de

SHA1
13c7bfd51f28b956afa136d1f0f85bb526180c71

SHA256
80c10c4e57f4e5ea08a6886b1906adb56477d366fe6264110e9c9752865caee2

SHA512
cd08300405d5e26f24d9770c9706b8f77aa9feaa5863c73c1aa54a3b28512656ac4ea9b98de1343a3aa3c8722726402b566db3d38f6f7428e4aa4f9fda1313de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\_elementtree.pyd

Filesize
62KB

MD5
bd959756587cc307f27ebbe0be66a0ed

SHA1
c8c9d41dccb2185ff3e75fc50942f6de62884090

SHA256
cb0b8c8b085b72382c5d525fd4222a07513eccc941f85670eb48f848aedb3025

SHA512
e17f58ec0178ab3481c0a59ee5e78bd1dcbb91865a153afff4e664c57494107a26336217558b89099709eff7de88290e849ce77c0439f370bd2037258701cc88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\_hashlib.pyd

Filesize
36KB

MD5
9451d1af86aebc8cc5afeee722ca057f

SHA1
797c3d1c2560635646f520c9660495b4ca52f567

SHA256
469699516ce6bab5dac11458c6d72287987139c662d650d4ff0325b95edf1a37

SHA512
ab27813e03654b0027ecc1fc89eef8997263cd10f3e0b8ccaa9213528c21c244a785a0418bd0aa162fd4dd5b8ef8f43b398b08f03c10f25cfa84f7cb30c3cb9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\_lzma.pyd

Filesize
87KB

MD5
00e041a28fc678b2f474808a57445730

SHA1
bc9978a238ef64de05ab875ef6683668cd1185ba

SHA256
2837e89c9223d5c810c61ed1f866c662189d2543af9a6f75d75e7fb564f32316

SHA512
c71954efff4e29b9c0ac33373062e7c7bbb4e5ad02f75264765e077a1445821a4891e0a50722cd975cc27d489e873f0e1f4cba2e0b24ac75f8601efd8892a4f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\_multiprocessing.pyd

Filesize
28KB

MD5
b0ef20eb26df702d73b6031d7133afff

SHA1
fedf6bac4fecb2ecd3629d089351963ba1cf5a62

SHA256
06f031aead975e49c9b27e24a400ad5da0db36e49bc872f908b1e78af3576312

SHA512
47d3be3d2c90cb43ebeb06f73a8aef802f0c3a8c6bb94b650db46280320b546ebfa770fea074a70664fabb1b3a1a1965ba88dd0008b33625556618527d4c7354

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\_overlapped.pyd

Filesize
34KB

MD5
0180bef91b8bb60482d47b262aa2d1ba

SHA1
081cc0cd82e139186b85925b0c7900d3bc6ddb0e

SHA256
f438edcf20ca33551ceb13098e286867fd38faafe641faabb6cdd4989c0f4839

SHA512
fd28c249ebaba6024722a11ee8b59ddc088ef9f98ae80253262f0f91311f38c2a1e30f0b66ad2093746f0357ada04914df24df7a5c5a8a609d48b22190c1f93b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\_queue.pyd

Filesize
28KB

MD5
e407184680371e5c373a6faa1f108eb5

SHA1
f077adfa699a0c9cf8581c49d36133d76b154f9c

SHA256
4bcdabc2324bf8c58d6df755849b9c1aec376aa791f5f489a09d721862587d8a

SHA512
02f9a791d787f72be2fba6caca49ebbf1612182569818d76853e8055102b2509aa63765d28b0ba1cf2e8a8cbca61294e0786c47c8ae031ded01a90a1ed9dd5cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\_socket.pyd

Filesize
45KB

MD5
15292148065dcb1a3a676cfb0fba9252

SHA1
a22013b8565e6e1c5002b5cedcb9e016ce0e5ed2

SHA256
da7535cd642d3471e4a1f09502990bc1a48f481410191120b63d4f72e92889df

SHA512
a51bb276e81c6d12f8c10fff5a835fdff72461567a963f5d5e00c2228d9cb9b749c4ec7bf0e4e771f7260532c54ccb30dc761d3806393e9b3888fa65ee710014

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\_sqlite3.pyd

Filesize
59KB

MD5
dc4f17455b3f1a3dae32a156c63c1c4c

SHA1
377ecf0d82afa7e08c42aadb1f00689ff3ed8fa5

SHA256
b56a004c7c5aaf090c59ea042772ed5843389778281614e1403258e655bfbbf0

SHA512
b32d8a795c4d7c888d9097c6970da2fcbe63eb6bf64211d677f850c6723521f0da09ea6b507ef57b891123b720c55919e53ff19dfcf2b5297d1fddb77dab84b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\_ssl.pyd

Filesize
68KB

MD5
b42dca9bc4fd061f569b1be103569017

SHA1
b7c90c9745609db1628635d2fd24c18765e0b783

SHA256
9db89d5ae27e94fc52e27c8d5237388fb3216cee03e26b40b8b9269ae80dd56c

SHA512
5923bab51efa9d6b498a44332fab4101691cf7c5f8045a5325c9269c5dbe619ebcece13cb1244eca8289d8e6efc5d595010f5365fe69605797d358a97b299551

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\base_library.zip

Filesize
1.3MB

MD5
18c3f8bf07b4764d340df1d612d28fad

SHA1
fc0e09078527c13597c37dbea39551f72bbe9ae8

SHA256
6e30043dfa5faf9c31bd8fb71778e8e0701275b620696d29ad274846676b7175

SHA512
135b97cd0284424a269c964ed95b06d338814e5e7b2271b065e5eabf56a8af4a213d863dd2a1e93c1425fadb1b20e6c63ffa6e8984156928be4a9a2fbbfd5e93

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\libcrypto-3.dll

Filesize
1.6MB

MD5
ecf92d1e849c1a4b89ed9dac0c2d732d

SHA1
bd2dbf194e9c891f27ef5b4521318d3804f76425

SHA256
afc166f8f1906cd75b4de9f7c72e92e36e4282437a02fedadb5ec3145c33c3a1

SHA512
44e3d6b37a11b715efb77c28c1c4fca4c25ba7f663183bcef4ba52e9c5271715f43f7b22b6307c6d8788c1ea4e8b709060b0a711aeae249164ba7bfd1d571f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\libffi-8.dll

Filesize
29KB

MD5
013a0b2653aa0eb6075419217a1ed6bd

SHA1
1b58ff8e160b29a43397499801cf8ab0344371e7

SHA256
e9d8eb01bb9b02ce3859ba4527938a71b4668f98897d46f29e94b27014036523

SHA512
0bd13fa1d55133ee2a96387e0756f48133987bacd99d1f58bab3be7bffdf868092060c17ab792dcfbb4680f984f40d3f7cc24abdd657b756496aa8884b8f6099

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\libopus-0.x64.dll

Filesize
217KB

MD5
e56f1b8c782d39fd19b5c9ade735b51b

SHA1
3d1dc7e70a655ba9058958a17efabe76953a00b4

SHA256
fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732

SHA512
b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\libssl-3.dll

Filesize
221KB

MD5
5b63295552454d570281d321e4ca7266

SHA1
d849e5c470d63953ec55f2d732fd6f611cb2c655

SHA256
cff180ce2bcf7daa19d6f3702e416f54a55eebfaff382f4b6d8ee00c0954b861

SHA512
a2286ca195b5a8287e8fbee6d20678e3bbefc7eb20f89e510bc94801239d08c8ea620603254fbfc6c6c0d5306dc38dc1f78a675d62e9bbb8a625ec4f7b894930

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\pyexpat.pyd

Filesize
89KB

MD5
ae04c639b594155249d5c46706168c8c

SHA1
05a4699704ca070f338a3e6c03216cd2556bcdcf

SHA256
0c38d13d0818eb9091cd8311d1b162c6387dad0fbc08789f7bc2027ce2f55a04

SHA512
600b0b585f4b02363ae62a4d9910db4e3bafbe1c546e86e148fc880fe760c01a966517969f52f84e5486c41392dc43e48211aa2db34c48c5d57adad3e8ae95f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\python313.dll

Filesize
1.8MB

MD5
13e0653e90a091bde333f7e652ac6f8b

SHA1
130f3271120487b4aac482af56f4de6673aaaeda

SHA256
a89f9220c5afcb81b9a91f00b3bea9ed21ebd2cbae00785cbc2db264d90c862c

SHA512
ad513df8f9a53cb3a8e5bc430a977c4079e7d7547fce43fe29288988ee458ff2ea922eb979582fe4c276e58cd6ef8d771bf6535170554b82c5d54d87caaf5366

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\select.pyd

Filesize
26KB

MD5
2cee7de8fcb3d3dbc4c556b0ef6fc714

SHA1
f9c6af3856940b2673915fb59921dc8310c46e0c

SHA256
a0eaecc78e90a413c6f8b3f062a16c1c22ee517e81f2f56e4ff9746d952709e2

SHA512
f40ee75921ae6ddb65fc09d144ea2e79c91ca016382d1f21558c0ba479f5aabd41277b0c0d0aa37fd002a78acc853efdf8ded36bd1658be659c7a04349a7fca6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\sqlite3.dll

Filesize
645KB

MD5
f248ea87e0a706a8d0f684aa8e669e7b

SHA1
f766c1fcaec1d6cb3615a05a1cb1518299ba6033

SHA256
e73f6ab56e6775df160dd54f763e58b8b8c704f4d6cf7c99c2a26b900680cfd7

SHA512
394eca85ffbfe3c2b74204b0f53c315e8222629d7fe11e1d699b045421125d0cb5a81e612221c5ac191bf258584ea81e5a657f10a0abff6d8bbc3726925860ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34242\unicodedata.pyd

Filesize
262KB

MD5
76881bdbbb48838e8a36f64bec40fb80

SHA1
104a38c9c2511d871cd45ef277faac1e759088f6

SHA256
25eae5b47bab5298671b93d9b53e50ebe22297baec244f9ba6e1931dab5b933b

SHA512
57e31c51813da51b6a79fea08078066385febfc9d98c2dac3a89d174042073c7b6435817786fc7de331f4af40d8589623da267f43bab011e998a201c1b334133

Download Submit
memory/3220-33-0x00007FFA61DD0000-0x00007FFA62435000-memory.dmp

Filesize
6.4MB

Download
memory/3220-61-0x00007FFA78EA0000-0x00007FFA78EB4000-memory.dmp

Filesize
80KB

Download
memory/3220-38-0x00007FFA773F0000-0x00007FFA77417000-memory.dmp

Filesize
156KB

Download
memory/3220-59-0x00007FFA7A2A0000-0x00007FFA7A2AF000-memory.dmp

Filesize
60KB

Download
memory/3220-63-0x00007FFA616D0000-0x00007FFA61C03000-memory.dmp

Filesize
5.2MB

Download
memory/3220-64-0x00007FFA61DD0000-0x00007FFA62435000-memory.dmp

Filesize
6.4MB

Download
memory/3220-65-0x00007FFA773F0000-0x00007FFA77417000-memory.dmp

Filesize
156KB

Download
memory/3220-71-0x00007FFA78EA0000-0x00007FFA78EB4000-memory.dmp

Filesize
80KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads