ae84c9fe78a18533d04312073114fe816bc711235d1db2e1484dbba17289cab9

Resubmissions

22-02-2025 19:09

250222-xt5xmawnhn 10

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-02-2025 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

82.1MB
MD5

c5788d40142985c88426fc085c92c576
SHA1

f40ebc7b4ae3dccc07cb812c9c3cdebe4f8dfc4e
SHA256

ae84c9fe78a18533d04312073114fe816bc711235d1db2e1484dbba17289cab9
SHA512

75594f6dc4c9178ad5b5f2994c00539128e4f997bb7974784feaa248911b12d2f28ce2a8425c3b16efd203479d26bd64eb60c4f7c43d4a43644bde52fa5e9f54
SSDEEP

1572864:tbVlFW3HOkiqOv8im2A64JDmclKinfMCdUYzpBGyNZejls0e:tpTOHOknOv8i354hmcMinaYtdZ5

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 10 IoCs

pid	Process
2808	source_prepared.exe
2808	source_prepared.exe
2808	source_prepared.exe
2808	source_prepared.exe
2808	source_prepared.exe
2808	source_prepared.exe
2808	source_prepared.exe
2808	source_prepared.exe
2808	source_prepared.exe
2808	source_prepared.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0003000000020b45-1336.dat	upx
behavioral1/memory/2808-1338-0x000007FEF56F0000-0x000007FEF5B55000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2808	2664	source_prepared.exe	30
PID 2664 wrote to memory of 2808	2664	source_prepared.exe	30
PID 2664 wrote to memory of 2808	2664	source_prepared.exe	30

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Loads dropped DLL
  PID:2808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI26642\api-ms-win-core-fibers-l1-1-1.dll

Filesize
21KB

MD5
050a30a687e7a2fa6f086a0db89aa131

SHA1
1484322caaf0d71cbb873a2b87bdd8d456da1a3b

SHA256
fc9d86cec621383eab636ebc87ddd3f5c19a3cb2a33d97be112c051d0b275429

SHA512
07a15aa3b0830f857b9b9ffeb57b6593ae40847a146c5041d38be9ce3410f58caa091a7d5671cc1bc7285b51d4547e3004cf0e634ae51fe3da0051e54d8759e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26642\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
cc228ff8d86b608e73026b1e9960b2f8

SHA1
cef0705aee1e8702589524879a49e859505d6fe0

SHA256
4cadbc0c39da7c6722206fdcebd670abe5b8d261e7b041dd94f9397a89d1990d

SHA512
17abd9e0ec20b7eb686e3c0f41b043d0742ab7f9501a423b2d2922d44af660379792d1cc6221effbd7e856575d5babf72657ae9127c87cc5cf678bd2ceb1228f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26642\api-ms-win-core-file-l2-1-0.dll

Filesize
21KB

MD5
e368a236f5676a3da44e76870cd691c9

SHA1
e4f1d2c6f714a47f0dc29021855c632ef98b0a74

SHA256
93c624b366ba16c643fc8933070a26f03b073ad0cf7f80173266d67536c61989

SHA512
f5126498a8b65ab20afaaf6b0f179ab5286810384d44638c35f3779f37e288a51c28bed3c3f8125d51feb2a0909329f3b21273cb33b3c30728b87318480a9ef8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26642\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
5241df2e95e31e73ccfd6357ad309df0

SHA1
2644cc5e86dfad1ad2140181ab2ca79725f95411

SHA256
6ee44dd0d8510dc024c9f7c79b1b9fa88c987b26b6beb6653ddd11751c34e5dc

SHA512
52cccd1dd237e764e34996c0c5f7a759a7f0eff29b61befeaf96a16d80df2ba9ee2c3615f875153198a145d68f275aea6d02187e6eee5a129e3e2ab81aaceb16

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26642\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
385f562bdc391ccd4f81aca3719f3236

SHA1
f6633e1dac227ba3cd14d004748ef0c1c4135e67

SHA256
4ad565a8ba3ef0ea8ab87221ad11f83ee0bc844ce236607958406663b407333e

SHA512
b72ed1a02d4a02791ca5490b35f7e2cb6cb988e4899eda78134a34fb28964ea573d3289b69d5db1aac2289d1f24fd0a432b8187f7ae8147656d38691ae923f27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26642\api-ms-win-core-sysinfo-l1-2-0.dll

Filesize
21KB

MD5
fc9fc5f308ffc2d2d71814df8e2ae107

SHA1
24d7477f2a7dc2610eb701ed683108cd57eca966

SHA256
2703635d835396afd0f138d7c73751afe7e33a24f4225d08c1690b0a371932c0

SHA512
490fa6dc846e11c94cfe2f80a781c1bd1943cddd861d8907de8f05d9dc7a6364a777c6988c58059e435ac7e5d523218a597b2e9c69c9c34c50d82cac4400fe01

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26642\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
43d8d2fb8801c5bd90d9482ddf3ea356

SHA1
d582b55cd58531e726141c63ba9910ff185d72e0

SHA256
33f4fddc181066fce06b2227bded813f95e94ed1f3d785e982c6b6b56c510c57

SHA512
0e073381a340db3f95165dbcceb8dfbf1ed1b4343e860446032400a7b321b7922c42ee5d9a881e28e69a3f55d56d63663adb9bb5abb69c5306efbf116cc5e456

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26642\python310.dll

Filesize
1.4MB

MD5
190fa7c1e8fbbadd8a23ca249905ae87

SHA1
366dedb6de0d3134b00b558073948ce917143a08

SHA256
77e4b8d08215e745332043f56d5d7113e0475c7f21ec5f832c633013c05f10d1

SHA512
49f59c7aaf3f276bbda3ea145631443de8a22eaf162d8419ccc3d421d30397b6260db2b48da9f6a0691b3694e285d451e2aaf1964146a9cd9fe73e520a20ed41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26642\ucrtbase.dll

Filesize
1.3MB

MD5
286b308df8012a5dfc4276fb16dd9ccc

SHA1
8ae9df813b281c2bd7a81de1e4e9cef8934a9120

SHA256
2e5fb14b7bf8540278f3614a12f0226e56a7cc9e64b81cbd976c6fcf2f71cbfb

SHA512
24166cc1477cde129a9ab5b71075a6d935eb6eebcae9b39c0a106c5394ded31af3d93f6dea147120243f7790d0a0c625a690fd76177dddab2d2685105c3eb7b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26642\wheel-0.45.1.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26642\api-ms-win-core-kernel32-legacy-l1-1-1.dll

Filesize
21KB

MD5
0c1cc0a54d4b38885e1b250b40a34a84

SHA1
24400f712bbe1dd260ed407d1eb24c35dcb2ecac

SHA256
a9b13a1cd1b8c19b0c6b4afcd5bb0dd29c0e2288231ac9e6db8510094ce68ba6

SHA512
71674e7ed8650cac26b6f11a05bfc12bd7332588d21cf81d827c1d22df5730a13c1e6b3ba797573bb05b3138f8d46091402e63c059650c7e33208d50973dde39

Download Submit
memory/2808-1338-0x000007FEF56F0000-0x000007FEF5B55000-memory.dmp

Filesize
4.4MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads