2115a3bcca4d1396f20bccb83edc159181713981fe2258795199ef0e20b48658

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
16-02-2025 01:41

Target

setup.exe
Size

29.9MB
MD5

2bf7a91152bef1ad1612024cd9ed291b
SHA1

131e31ceb448532e92cce9be36939f2ffc2b19e8
SHA256

2115a3bcca4d1396f20bccb83edc159181713981fe2258795199ef0e20b48658
SHA512

3db56487d529fde1c977b05bf7b38b15e573acdc7a2554bd4ec7736cbd30cd1b234fa258014efd41f4b1bb86aa81aca76361adf0f99135bdf4ebab9e8009a2fa
SSDEEP

786432:Row/lOW8ClOEl8dPXAflso7wFieDNVQe:vlOW5lzlmPUlsmoNX

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2936	setup.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00030000000209ed-1155.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2936	2904	setup.exe	31
PID 2904 wrote to memory of 2936	2904	setup.exe	31
PID 2904 wrote to memory of 2936	2904	setup.exe	31

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Users\Admin\AppData\Local\Temp\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\setup.exe"
  2⤵
  - Loads dropped DLL
  PID:2936

C:\Users\Admin\AppData\Local\Temp\_MEI29042\python313.dll

Filesize
1.8MB

MD5
6b3a16dc31065257b7845d9ff611e3c6

SHA1
8cf971ee772193a93e49f4701f817bc6245cf81c

SHA256
3cdc6a436aa16671deb975af8290654a134bb916299677a08438fc7e91e6f7e6

SHA512
1d219471032c882b2e624ec1df951f6a59ee8ba39459d8eb917aaeec6899d0af6782580a5dc43ed1bbe852587c52bea32ba93ea195940335e2a19cc120c53aec

Download Submit
memory/2936-1157-0x000007FEF6320000-0x000007FEF6984000-memory.dmp

Filesize
6.4MB

Download