8b37ff714e6295964cdc815a79a20247add303cd374e0c8e9e62c428a66ca6d2

Resubmissions

20/02/2024, 21:14

20/02/2024, 21:09

20/02/2024, 21:06

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20/02/2024, 21:09

Target

Built.exe
Size

6.8MB
MD5

cf9da91a3cd4df4b55be21f4508d236c
SHA1

d133f5768f1cbd9b1b36c3ca438f6e1f469aa27d
SHA256

8b37ff714e6295964cdc815a79a20247add303cd374e0c8e9e62c428a66ca6d2
SHA512

250c6bac126b29749753fd9d3fed8c7141930cd95c6fdc1eb7515a4c73377dfef0f6a8cb3c0f300eaf116e43e866d0fb0250edecd81ed5727894c309d2f847b2
SSDEEP

196608:HQV1YHIB6ylnlPzf+JiJCsmFMvdn6hVvsI:mBRlnlPSa7mmvd+UI

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2908	Built.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000600000001482e-21.dat	upx
behavioral1/memory/2908-23-0x000007FEF6500000-0x000007FEF6AEA000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 2908	2484	Built.exe	28
PID 2484 wrote to memory of 2908	2484	Built.exe	28
PID 2484 wrote to memory of 2908	2484	Built.exe	28

C:\Users\Admin\AppData\Local\Temp\Built.exe
"C:\Users\Admin\AppData\Local\Temp\Built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Users\Admin\AppData\Local\Temp\Built.exe
  "C:\Users\Admin\AppData\Local\Temp\Built.exe"
  2⤵
  - Loads dropped DLL
  PID:2908

C:\Users\Admin\AppData\Local\Temp\_MEI24842\python311.dll

Filesize
1.6MB

MD5
1e76961ca11f929e4213fca8272d0194

SHA1
e52763b7ba970c3b14554065f8c2404112f53596

SHA256
8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0

SHA512
ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b

Download Submit
memory/2908-23-0x000007FEF6500000-0x000007FEF6AEA000-memory.dmp

Filesize
5.9MB

Download