d070aec47b809ae4833b69f0c53dee88fd0aa8486f7023729cdca648ded82201

Resubmissions

21-02-2025 21:50

250221-1pxl8s1qer 10

21-02-2025 21:46

250221-1mw8pa1kdt 10

21-02-2025 21:29

250221-1cc23a1naj 10

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-02-2025 21:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

82.4MB
MD5

4266968add4bfe6fec37667a89a23fd8
SHA1

4a91ecb325e9665a9ea30e36440a608f32328c69
SHA256

d070aec47b809ae4833b69f0c53dee88fd0aa8486f7023729cdca648ded82201
SHA512

127033cf7929af73b3109d8a0c19c5135746e4b76024d0ca55b54b9b595421f291ef6e7fc0a667f44cd453683c4aff3c3735ee1b84e635fd549d9d2855c3d8fe
SSDEEP

1572864:Wn21lWiWwwOkiqOv8im2A6etgWXg6ln7PRQvdBNzAd6kGYBR3CJE3G1zLn:WMgidwOknOv8i35jWXg6l72dB2d6kLRo

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
1824	source_prepared.exe
1824	source_prepared.exe
1824	source_prepared.exe
1824	source_prepared.exe
1824	source_prepared.exe
1824	source_prepared.exe
1824	source_prepared.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0003000000020b28-1320.dat	upx
behavioral1/memory/1824-1322-0x000007FEF5930000-0x000007FEF5DC1000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 1824	1248	source_prepared.exe	30
PID 1248 wrote to memory of 1824	1248	source_prepared.exe	30
PID 1248 wrote to memory of 1824	1248	source_prepared.exe	30

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Loads dropped DLL
  PID:1824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI12482\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
78c49a3429795319bab3eab13e06da57

SHA1
eba004f23c6421b53cbb38caed0b054316234bcb

SHA256
8e40cd2fa72684e7658936fab0f8aaaf4ef34cb0e627b54a352cf5769a772e61

SHA512
e6d4b0a725386352fd8652826ad26e0295561dff021558e72a8a8cb76c4f5e30bb9b04bd8d37fbec03ff744f65accbf50b29c9aee9ae1a4e8ce44fa2b04eaba3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12482\api-ms-win-core-file-l2-1-0.dll

Filesize
21KB

MD5
9835cc887dfbc6bdd236188167928e3e

SHA1
fe807728459deeedcb14c4241b77fac68cd6a457

SHA256
8b8dcfa1b4384eee8472749413e27b56b4ee924d399d2f0addc923eb6a301ffe

SHA512
db6ccc9ac5b01b7bbf1dc210e9e58d85f2b3e3b015cd039daf2ad80270fb23ecff8f7621ef745ce7893d44551c1b09dc8cb783973c1768e99aabfb779b48241d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12482\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
47438067f4b559539f51a4d55a45fe91

SHA1
5c5b37d4502c38bf2a3f8ae98988a71d46f8e65f

SHA256
aaa79d4709383c4faa3a6c79899c853e07ca82d52fb6ec5da0eb3cc98168049c

SHA512
017e32de66d22dea43dc4075f6197507902a60826f27e1696f93f25f45e5a26537a5a9fd8cb6fb15036878ed816ecbf9f10d5543f3391629c450e0c422476f5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12482\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
e0d27b18a9409502c3288a46c8f984f6

SHA1
ed401b11ab0b1cff62a98cec674f241f3b3550a4

SHA256
df156ac18d7f78023ada0d5fe667620252b079a6a1f8a1f371aae549986434aa

SHA512
589a4994dfb58e31d6de10941b951ee14a9e006096807fd93098f5c5362c13ca190b34c1ad558a7c9aa8050ac690b7706d16aed8d0b86c1dac0355a373b000be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12482\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
20179816295e136cb9847706304d3eb2

SHA1
0e6b4938624f521c5f5f2994036c8d0ed68044cc

SHA256
b75ddc006e757d7d6a05b146e6874aa4c2b17da90b3ec0dd0910a5ae0d60000e

SHA512
a1449a5087ae75ba3acc4ee4c5d6a76f6fda6bc809db76e32619b6c288db3af7c74fab3e48f590fb3c10bf4ea1b0a36dea436cc23deea0125405f6002280c762

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12482\python39.dll

Filesize
1.5MB

MD5
6fcd974b9ea7af226e442b6106c594f0

SHA1
030d6b04bb6356bcedf518c309debbe8ca3cea05

SHA256
e22d2daa40a2df2185cdb949a4b8568e0546eff34d124fa2e830cc2cbebb192b

SHA512
fc3d9a1df30c1f19a2546286b83bcd1095efe7616f689f9913fc767c33652974e9e4ea4d66ca248b1787a3dbe766a23464d34752e1f26dfaeefeb6935f65d60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12482\ucrtbase.dll

Filesize
1.1MB

MD5
8e980cff0ef132b3608e4ef3db59535c

SHA1
391ee31a935d859ac097309b94765ef8347fec72

SHA256
8c91e50b7c66a95f89bd14785b6333caa5e3e9ab508d889a88880a24b29bddf8

SHA512
888df5dff9faa300100fdf2fe4f7323ec2fcb6b147ee4de9f4e9d0a640b1a95b9a538fe88bac3a697187701dd27190bef36e52929e682d94630c15c43bbb586a

Download Submit
memory/1824-1322-0x000007FEF5930000-0x000007FEF5DC1000-memory.dmp

Filesize
4.6MB

Download