af5394d0a237e20e6e21951a42116e9e839b5b793f178871e3e84b831efef461

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-02-2025 18:08

Target

ReleaseFree.exe
Size

23.0MB
MD5

3020b18136d688f9c5a9b471e5b2f2de
SHA1

76eab9fc91c85612ea564525b51dd4f0cd039ddb
SHA256

af5394d0a237e20e6e21951a42116e9e839b5b793f178871e3e84b831efef461
SHA512

2b8c01784b3787f7e2d58ce1ee02c79633c7b3b28125b28a57cf6634109f18332bbfa2db63c035da0ec0d560e41286e8db050e6701b390f54c0745d53d48a10c
SSDEEP

196608:6GLjv+bhqNVoBLD7fEXEoYbiIv9uvvk9fIiZ1x:7L+9qz8LD7fEUbiIPQgj

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2544	ReleaseFree.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019433-21.dat	upx
behavioral1/memory/2544-23-0x000007FEF5B00000-0x000007FEF61D0000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2544	2508	ReleaseFree.exe	29
PID 2508 wrote to memory of 2544	2508	ReleaseFree.exe	29
PID 2508 wrote to memory of 2544	2508	ReleaseFree.exe	29

C:\Users\Admin\AppData\Local\Temp\ReleaseFree.exe
"C:\Users\Admin\AppData\Local\Temp\ReleaseFree.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Users\Admin\AppData\Local\Temp\ReleaseFree.exe
  "C:\Users\Admin\AppData\Local\Temp\ReleaseFree.exe"
  2⤵
  - Loads dropped DLL
  PID:2544

C:\Users\Admin\AppData\Local\Temp\_MEI25082\python312.dll

Filesize
1.7MB

MD5
86d9b8b15b0340d6ec235e980c05c3be

SHA1
a03bdd45215a0381dcb3b22408dbc1f564661c73

SHA256
12dbbcd67015d6cdb680752184107b7deb84e906b0e8e860385f85d33858a5f6

SHA512
d360cc3f00d90fd04cbba09d879e2826968df0c1fdc44890c60b8450fe028c3e767450c3543c62d4f284fb7e004a9a33c52538c2279221ee6cbdb1a9485f88b2

Download Submit
memory/2544-23-0x000007FEF5B00000-0x000007FEF61D0000-memory.dmp

Filesize
6.8MB

Download