d7b9e8e4f4b9f1edc5b00d2e41f3c8bbc258bef7a8e79b69d293cc2e1b428dc0

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Built.exe
Size

33.5MB
MD5

9e6be6ca29f1e552e565a5164d315f0f
SHA1

7096e43342e8dd1651400315ca3718bdeee324dd
SHA256

d7b9e8e4f4b9f1edc5b00d2e41f3c8bbc258bef7a8e79b69d293cc2e1b428dc0
SHA512

8895ea28c889b3527e1cf9e2adebdaa49dd1ad6bd861b554f8fb7cb3a03f9c44e0c72aeec97fd8d557d7fcc7470991b7044dfb0e1ea7465d866f1289ce8c6c08
SSDEEP

786432:Q1cuoKYleejYhHT8A4xBwMZ9kb150v2MFekWGQ5ntc+RKy/pWaWV:IxAeejYhHTt4DwM/kB5Q/jQc6B3WV

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2472	Built.exe
2472	Built.exe
2472	Built.exe
2472	Built.exe
2472	Built.exe
2472	Built.exe
2472	Built.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00050000000195ea-73.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2472	1724	Built.exe	28
PID 1724 wrote to memory of 2472	1724	Built.exe	28
PID 1724 wrote to memory of 2472	1724	Built.exe	28

C:\Users\Admin\AppData\Local\Temp\Built.exe
"C:\Users\Admin\AppData\Local\Temp\Built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Users\Admin\AppData\Local\Temp\Built.exe
  "C:\Users\Admin\AppData\Local\Temp\Built.exe"
  2⤵
  - Loads dropped DLL
  PID:2472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI17242\api-ms-win-core-file-l1-2-0.dll

Filesize
14KB

MD5
cb68b93a8f00dbde326167b4687e12eb

SHA1
d137d33c5685e188486768a0aa21bf3e2f1b0a8e

SHA256
adcac847108f73bb4fa568d15b57f2ca25f44c5ba43db490dbe5c0b5e45b866d

SHA512
50ccaab53b48e86ad625c1e47d2ec5380255869661cb58d456529e69d99335f1feadfe90c41664850c9944e6cba626e1fe19e1d0cd11e60a777f867728f9baf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\api-ms-win-core-file-l2-1-0.dll

Filesize
14KB

MD5
b5077f8597888a6c992c5a0ed411d030

SHA1
8d8e5593efbec6ac0d07375c53b40c6455428ed2

SHA256
a4cbe5eb1ba37433798803d65aa9a48ad9188490a46d5f19d7fb01efb45eda5b

SHA512
da7b874f694c91a41041a45d9f1085dd2d676f108d8a1fe11e5b921b50963735c8e38bb0e9de0fdeb36e6ff61d77bb20c2ecf102d6ed5a7f6d2fbb867b42f80c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\api-ms-win-core-localization-l1-2-0.dll

Filesize
17KB

MD5
a9bc8d4c284e7d8444f2c1d969403a1c

SHA1
d55b97b27906e149fa18f84d1f159086d4d77f44

SHA256
f8960e80bbf6e2bd87dda167fc9f62688fde157998844b693472384e5f3a35dd

SHA512
5747fb313f02c99e6f6e36698823a583bc5bcbdec0e2072005162a34124c4dc4aa3cb05ca6ea2b667bfe3686a2126d0f3d0d2fa363850cfcfd134e38f1f4a340

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
15KB

MD5
6f1cdc7807283a3c4b83b20f2e4d1553

SHA1
3425eb289de69fcc64ac3b61647dbebd345a7e69

SHA256
1dc540c15550ee51c2429cd2f7307497ce6dc3ed50ed5a4f954d1ce57b19c3d3

SHA512
58281f3e30c272986d67fa8c4b8b8e1b7b9850a06b6333d8bfe04bfdc237b050fcf90003c69f9db23572970abb8f1f33386fb3abfee246c37477944bfb2f134e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\api-ms-win-core-timezone-l1-1-0.dll

Filesize
14KB

MD5
b7ac0f70118f9be4cfd7c59876143726

SHA1
636aba07d418c9abf551f2d818ed571c0039ddfc

SHA256
750e1b5c5546aa2d72761dfe8e5c2db2d399f292590599c27c28ffc697fad1ed

SHA512
ff118bfc1e410a167533d6d8c2d3c323048a1d739dea92c8a6823f78670b2e5708d8823a54edfc53d404aeac3abd0d6d8c0803eb9a8d0484c9119135d5519282

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\python311.dll

Filesize
1.6MB

MD5
bb46b85029b543b70276ad8e4c238799

SHA1
123bdcd9eebcac1ec0fd2764a37e5e5476bb0c1c

SHA256
72c24e1db1ba4df791720a93ca9502d77c3738eebf8b9092a5d82aa8d80121d0

SHA512
5e993617509c1cf434938d6a467eb0494e04580ad242535a04937f7c174d429da70a6e71792fc3de69e103ffc5d9de51d29001a4df528cfffefdaa2cef4eaf31

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\ucrtbase.dll

Filesize
964KB

MD5
5e03bf59002af99314d5339d47a5cc32

SHA1
527069969b3152b5f0c48809f3a22756feaf09aa

SHA256
ecc588c03734d61d39980977f76beeec198f0fb351ed6651a91a24a5d0c6e791

SHA512
67d11eea147970c1d5ee98964e867ce93f619fcd7f1fca8f3898dbd51c0d4cdb20af533fdb38caeb12fa2791369cf21523749256b8a5270a1fccab27ed8c58c7

Download Submit
memory/2472-75-0x000007FEF5970000-0x000007FEF5F58000-memory.dmp

Filesize
5.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads