348dc41dc1e75835c4c49bd5b12849966734b44c54f4f4be00a7cb9ac5455861

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
26/03/2025, 16:55

Target

Loader/Loader.exe
Size

7.5MB
MD5

251ac55d55b47ec078473eeaa1e510e7
SHA1

1126ce753d5f4916e5e4f0fa5fa002bd7bce181b
SHA256

60bbd89cca19b257dd70d37ce4907d86e96b2711da5d945dd4204a88edad318b
SHA512

90120ff2ac2ad04758279695b43b45759829535d7b8519a2907bc2b1169a1e510a7e383e2347e7f15225de1a924bd9b77637d9c77e7838d99b062c279ae3912f
SSDEEP

196608:pWOgoiwfI9jUCH0+n4/JKIYJmg+Irj+dD1SAxw:28IHU+GJPYf9ydD1s

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2712	Loader.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019cca-21.dat	upx
behavioral1/memory/2712-23-0x000007FEF6F10000-0x000007FEF75D2000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1012 wrote to memory of 2712	1012	Loader.exe	30
PID 1012 wrote to memory of 2712	1012	Loader.exe	30
PID 1012 wrote to memory of 2712	1012	Loader.exe	30

C:\Users\Admin\AppData\Local\Temp\Loader\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader\Loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1012
- C:\Users\Admin\AppData\Local\Temp\Loader\Loader.exe
  "C:\Users\Admin\AppData\Local\Temp\Loader\Loader.exe"
  2⤵
  - Loads dropped DLL
  PID:2712

C:\Users\Admin\AppData\Local\Temp\_MEI10122\python312.dll

Filesize
1.7MB

MD5
b4aca05e0313328b0cb6c696b15dc130

SHA1
2aee2e1f3c9135651a61453b0a3480bda49282e0

SHA256
a6a2a464dfbb3bf5dad26a0eeae1af443160e2996ca59b85a9669e94b1a0d136

SHA512
2a2bb820ff9103379c7b273c1dde88e4701232c4793df0641a095a48c0f19d73300df7fd0e2433977667864279e8a8b5da6d0df493c46adf408c291469d81f6a

Download Submit
memory/2712-23-0x000007FEF6F10000-0x000007FEF75D2000-memory.dmp

Filesize
6.8MB

Download