3ea6f7524f8931299f6321074e53b931417dedfc90ab9112f33ed45f5da76858

Resubmissions

19/03/2025, 21:22

250319-z8a2xatshv 10

13/03/2025, 20:01

250313-yrvjjs1ydx 10

13/03/2025, 19:41

250313-yd3m1a1vbt 10

13/03/2025, 06:53

250313-hnlt8sytht 10

Analysis

max time kernel
6s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250313-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250313-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
13/03/2025, 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

S1ModLoader.exe
Size

87.5MB
MD5

51d993521dfe63cc06813bedcbd6afc9
SHA1

bd3946664fadd9da36a51d39d7443efcce06cb34
SHA256

3ea6f7524f8931299f6321074e53b931417dedfc90ab9112f33ed45f5da76858
SHA512

178dc4f6949500bc8544bbb6662663091e3a8744695abc2e75fe7fe508324e096fde0efbf547d2c5f7c00eeda49ef846562ff8aa0f17354086fda83b8efad52c
SSDEEP

1572864:xNK+4lqWLqP0OkiqOv8im2A4lE7flPLiYgj+h58sMwGe3CpcJ5AS:xP4MdMOknOv8i3LeJF5qe3DA

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
5048	S1ModLoader.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000028716-1264.dat	upx

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 5048	2312	S1ModLoader.exe	80
PID 2312 wrote to memory of 5048	2312	S1ModLoader.exe	80

C:\Users\Admin\AppData\Local\Temp\S1ModLoader.exe
"C:\Users\Admin\AppData\Local\Temp\S1ModLoader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Users\Admin\AppData\Local\Temp\S1ModLoader.exe
  "C:\Users\Admin\AppData\Local\Temp\S1ModLoader.exe"
  2⤵
  - Loads dropped DLL
  PID:5048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI23122\python311.dll

Filesize
1.6MB

MD5
546cc5fe76abc35fdbf92f682124e23d

SHA1
5c1030752d32aa067b49125194befee7b3ee985a

SHA256
43bff2416ddd123dfb15d23dc3e99585646e8df95633333c56d85545029d1e76

SHA512
cb75334f2f36812f3a5efd500b2ad97c21033a7a7054220e58550e95c3408db122997fee70a319aef8db6189781a9f2c00a9c19713a89356038b87b036456720

Download Submit