750b3344eda522e0edf7189b72b297f1aae6ab5b8cad613a67401515b93943e5

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24/03/2025, 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

30.6MB
MD5

e6f6cbf15f71da4575f0da330e1e65a2
SHA1

4b8bb744243059b70d7f7f8edd8f2858b6648ab6
SHA256

750b3344eda522e0edf7189b72b297f1aae6ab5b8cad613a67401515b93943e5
SHA512

b3eb2f50994a43b93310784fa1da9d29d154a6049aa05ab255f7679a3dc2c7df33819acb61910fd99817e6eaa95f77ab13b013818b04bcbd6e2c8e37aff13d8b
SSDEEP

786432:ltIuqEuqJow/lOW8vfX8O8l8dPXAbjlsnwCX11O74n:ltIupuelOWWP83lmPwjlswCrOo

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2808	source_prepared.exe
2808	source_prepared.exe
2808	source_prepared.exe
2808	source_prepared.exe
2808	source_prepared.exe
2808	source_prepared.exe
2808	source_prepared.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0003000000020a43-1206.dat	upx
behavioral1/memory/2808-1208-0x000007FEF5690000-0x000007FEF5CF4000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2808	2532	source_prepared.exe	30
PID 2532 wrote to memory of 2808	2532	source_prepared.exe	30
PID 2532 wrote to memory of 2808	2532	source_prepared.exe	30

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Loads dropped DLL
  PID:2808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI25322\api-ms-win-core-file-l1-2-0.dll

Filesize
14KB

MD5
8e7853c75a8298e4682cb412653571c5

SHA1
ec07640649b48be6d6f751519158bb95bc816c55

SHA256
a61d930977a025d70091d5a8d921c5f824b04f44137f6ec4229afa52da85677b

SHA512
bcde69ac6b97e23df113a7900ae5e8021a397ab95f20c2074fdb7dbddaa7ee7e456c4a43a0f455bd1c7c81d994d5e25dba17a39bacc7a227436731a8bdbc7f0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\api-ms-win-core-file-l2-1-0.dll

Filesize
14KB

MD5
fba1fd156c0db5bee150667711582996

SHA1
bb1f434926674878bd0ca8206d1ec4040b1315e4

SHA256
697a38d1fa4fd6689038bf639346adcfc998b41c287d0730e726277ae594338d

SHA512
4884fe2a22820db05d755e03b0d72025af0061014c69ea9b85f12fb90e86d7a793f231ffddc134740ea3f632caeb4e029d68abccc41b92bfaf0651a85986c6f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\api-ms-win-core-localization-l1-2-0.dll

Filesize
17KB

MD5
a0e416caac284eed95d6ed704ea3a1f9

SHA1
1d0c4a6be4f2a4d0de680412eba425a94efe81ae

SHA256
1a2c1eaf50b1ce8c770c2f46ff9879ee1f6778ba1c328ca092daafd15d0d72fe

SHA512
05e4c080c1fedf03e70ace2ce96d5a9a2e7a5cb0e6802557bf74b8849d1a14053d35fe46a9f1db93e8972047a34ae763dcfbcb995c5bc8e290eb9a3d765079cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
15KB

MD5
f11c5051e6dae221bc12035a58292d69

SHA1
c700ae53e1767c6c35cbd4513fb7af8b157b85b6

SHA256
7dc848b2d97d7c295f5862a7e8c354f10859f4d89666894882afe007ab9cd5f0

SHA512
8fa37c076d6c918c4f6e9f39d74aca2d4dd7a39b9822dda4ec49d25f980db52eb8ce1a143765ecb71bf620c86708c8c9f88f41b63abb9f7e07c6662d9c0a816a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\api-ms-win-core-timezone-l1-1-0.dll

Filesize
14KB

MD5
a69e58c2b6ec24546333de8405c61904

SHA1
15b4afd6c5a0defdbe15124423de983651284221

SHA256
0db5074fd5962d93580ff42d87dee4becf1802ec639cc05743a0c86300d5616c

SHA512
4a9d1650f60d0ec592ac0b6cc73a4ccfc21dd2cb746f34b0880e41b2e4dc74d9f39557685da5f8261227023ad064d489097484f727e020e9f3dcebf1f307b3f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\python313.dll

Filesize
1.8MB

MD5
6b3a16dc31065257b7845d9ff611e3c6

SHA1
8cf971ee772193a93e49f4701f817bc6245cf81c

SHA256
3cdc6a436aa16671deb975af8290654a134bb916299677a08438fc7e91e6f7e6

SHA512
1d219471032c882b2e624ec1df951f6a59ee8ba39459d8eb917aaeec6899d0af6782580a5dc43ed1bbe852587c52bea32ba93ea195940335e2a19cc120c53aec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25322\ucrtbase.dll

Filesize
964KB

MD5
075060ecd921972732386540ce974be2

SHA1
efd9c34220a552ce5fa3d684e8588414ce3ceaf2

SHA256
08187184d43025176d9dbce929609e91218875c6a1176fd3600afea0a22be536

SHA512
dd10a3e8b317dcf8571a39017eaac7de7018d45590ce22af170ca638215a5cde2ec6bd85c495ea9167535ecf1914267fba52f1b49f5861a71231bab445ea1403

Download Submit
memory/2808-1208-0x000007FEF5690000-0x000007FEF5CF4000-memory.dmp

Filesize
6.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads