7713981d45396a28e415b79851133fbe2c812fb14f9f8bae7dc5a59ed363030d

Analysis

max time kernel
9s
max time network
4s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
22-02-2025 03:52

Target

BootstrapperNew.exe
Size

83.4MB
MD5

0f246c20a8cb4a9b00fd27397ef55ba3
SHA1

b566b643252b7430b89c066aca0dfaa9fe1f5a7a
SHA256

a77d2c65860fd91eb491d4949ca5562ddad2618f64ca0efadb47b4ffbf3254f7
SHA512

b3c61c8de8d04c9357b596ef274c70f49e8a4f9675db2af77edc08edcd86bc0c2d1af214321c3ae5b4077187d07d261a6d0e45a1bf2f0c300fde1d3ec878c059
SSDEEP

1572864:nVjlQWC6uqnOkiqOv8im2AqlE76lhCiYweyJulZUdgMzZVcd72:d2MuqnOknOv8i3dnLfpuoTcZ2

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2036	BootstrapperNew.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020a6a-1271.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1268 wrote to memory of 2036	1268	BootstrapperNew.exe	30
PID 1268 wrote to memory of 2036	1268	BootstrapperNew.exe	30
PID 1268 wrote to memory of 2036	1268	BootstrapperNew.exe	30

C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
"C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe
  "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe"
  2⤵
  - Loads dropped DLL
  PID:2036

C:\Users\Admin\AppData\Local\Temp\_MEI12682\python312.dll

Filesize
1.7MB

MD5
3c5c6c489c358149c970b3b2e562be5f

SHA1
2f1077db20405b0a176597ed34a10b4730af3ca9

SHA256
73a22a12ea3d7f763ed2cea94bb877441f4134b40f043c400648d85565757741

SHA512
d3fb4e5df409bf2de4f5dc5d02d806aee649a21c339c648248b835c3d5d66ab88312c076c149eaadaa3ce0fb43e6fa293bfa369d8876d6eb18742bd9d12448e3

Download Submit
memory/2036-1273-0x000007FEF5A90000-0x000007FEF6151000-memory.dmp

Filesize
6.8MB

Download