9ce878aa666bc726c5526f7b581f31c9b1f9665a7403f78d7840bc933e08c93f

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02-02-2025 00:36

Target

source_prepared.exe
Size

32.2MB
MD5

e3d3417ce135aca5460a0ab5db33c3b2
SHA1

0a42996551fdb00e2fcffd6196b90ee410dd5cad
SHA256

9ce878aa666bc726c5526f7b581f31c9b1f9665a7403f78d7840bc933e08c93f
SHA512

f1fe7317bf20d1fd752ac3aa1796b5f457896d92606bf43873bbdd6c71dd13e3440421f3819ebcc0f9b116a95a28be20914fd540c0d3b66a6485b9930e05215b
SSDEEP

786432:FzjyiJVl8ZGGefW8l+9qxHzcY87HC5T4IaeDR5TcPC9/mkOq8:F2GGefWK+4E7rIae3T8C9hOq

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
572	source_prepared.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020969-1095.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 572	2016	source_prepared.exe	30
PID 2016 wrote to memory of 572	2016	source_prepared.exe	30
PID 2016 wrote to memory of 572	2016	source_prepared.exe	30

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Loads dropped DLL
  PID:572

C:\Users\Admin\AppData\Local\Temp\_MEI20162\python311.dll

Filesize
1.6MB

MD5
8ea69ca2292c3af9cdb46dded91bc837

SHA1
72de7df68b2c336720d1528c34f21ff00ed7a2ce

SHA256
3512c3a7ad74af034f51eba397c0e4716f592861ea3030745e8fd4dc8f9bca49

SHA512
fb317bab11c922dc183d834b770e37e382b9cf3ab1ea95e9bca8d73ed1e23cc9ef2b6aea4a20d4637eba34276c81a6eee54b00cb146f825ef554d81387ae4ddc

Download Submit
memory/572-1097-0x000007FEF62C0000-0x000007FEF68A9000-memory.dmp

Filesize
5.9MB

Download