0fec9e5167d5983e668d2163677d4a7d4586ba59258c909aeb8591688e1b62b2

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-02-2025 20:03

Target

source_prepared.exe
Size

24.3MB
MD5

b76568ad6700966d3492c3222c209729
SHA1

b8049433408a3ec0de811373b5e21dbcc6806e64
SHA256

0fec9e5167d5983e668d2163677d4a7d4586ba59258c909aeb8591688e1b62b2
SHA512

1a9987335a3ef55ddfe3f701a9cecefbf73f2260ebe5edda1bf4684695c4beaf888b8ab1ef7769d7b8d84616eaa07a668b2b13c17a9887129dd11f9327aa6402
SSDEEP

393216:V2L62LqCeYw5OtW8xLevSiIZA0dfY8sosL/gYiVOdlVJIe:PowIW8Fgqflsow/1RlVWe

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
296	source_prepared.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000300000002096c-1098.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 296	2180	source_prepared.exe	30
PID 2180 wrote to memory of 296	2180	source_prepared.exe	30
PID 2180 wrote to memory of 296	2180	source_prepared.exe	30

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Loads dropped DLL
  PID:296

C:\Users\Admin\AppData\Local\Temp\_MEI21802\python313.dll

Filesize
1.8MB

MD5
6b3a16dc31065257b7845d9ff611e3c6

SHA1
8cf971ee772193a93e49f4701f817bc6245cf81c

SHA256
3cdc6a436aa16671deb975af8290654a134bb916299677a08438fc7e91e6f7e6

SHA512
1d219471032c882b2e624ec1df951f6a59ee8ba39459d8eb917aaeec6899d0af6782580a5dc43ed1bbe852587c52bea32ba93ea195940335e2a19cc120c53aec

Download Submit
memory/296-1100-0x000007FEF5B40000-0x000007FEF61A4000-memory.dmp

Filesize
6.4MB

Download