dc21544389191db1ecad74434878d61245f63335550a20af86d799043bfbbbec

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 21:21

Target

Solaris.exe
Size

75.4MB
MD5

4b04a252512daad6d11c51446573e04d
SHA1

540eb73a64c396d5da19c9267a4f60152817db8e
SHA256

dc21544389191db1ecad74434878d61245f63335550a20af86d799043bfbbbec
SHA512

e6a98e0d404d2e065f5eceef36d9b8d8b560967251fb4564deb4929824c5d603bab8bb0472a2f957e30623f2c4d3e7a38f269b4aaf3aeb39f1a68fa66f2ce1ad
SSDEEP

1572864:0gvFUQ6l8GSk8IpG7V+VPhqIbE7WTylPj4iY4MHHLeqPNLtDaSWQZn6Oflz:0gvFU1iGSkB05awIxTy5nMHVLteS3bf9

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

Solaris.exe

pid process

1728 Solaris.exe
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

C:\Users\Admin\AppData\Local\Temp\_MEI22442\python310.dll upx

pid	process
1728	Solaris.exe

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI22442\python310.dll	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Solaris.exe

description	pid	process	target process
PID 2244 wrote to memory of 1728	2244	Solaris.exe	Solaris.exe
PID 2244 wrote to memory of 1728	2244	Solaris.exe	Solaris.exe
PID 2244 wrote to memory of 1728	2244	Solaris.exe	Solaris.exe

C:\Users\Admin\AppData\Local\Temp\Solaris.exe
"C:\Users\Admin\AppData\Local\Temp\Solaris.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2244

C:\Users\Admin\AppData\Local\Temp\Solaris.exe
"C:\Users\Admin\AppData\Local\Temp\Solaris.exe"
2⤵
- Loads dropped DLL
PID:1728

C:\Users\Admin\AppData\Local\Temp\_MEI22442\python310.dll
Filesize
1.4MB

MD5
933b49da4d229294aad0c6a805ad2d71

SHA1
9828e3ce504151c2f933173ef810202d405510a4

SHA256
ab3e996db016ba87004a3c4227313a86919ff6195eb4b03ac1ce523f126f2206

SHA512
6023188f3b412dd12c2d4f3a8e279dcace945b6e24e1f6bbd4e49a5d2939528620ceb9a5f77b9a47d2d0454e472e2999240b81bed0239e7e400a4e25c96e1165

Download Submit
memory/1728-1263-0x000007FEF5A80000-0x000007FEF5EEE000-memory.dmp

Filesize
4.4MB

Download