8d4bff39360cbdd7d73a4adbd163ff195339b49752f33fadeb10be5699c7da8e

Analysis

max time kernel
141s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
24-05-2024 03:03

Target

GiVirusBuilder 1.3.1.exe
Size

213KB
MD5

267f3e8efb022fe788a6dc25b5674c11
SHA1

63e58b3a6f4052ef102009fecfbcce0740913a3b
SHA256

8d4bff39360cbdd7d73a4adbd163ff195339b49752f33fadeb10be5699c7da8e
SHA512

c1c1b0f04c88dad230f6b1638da851827ad58baa76787e954f575c73845c1d61ebc85715ca11b3f3569a8cc7a77d50d0aa7259b5172525337de5b4c6a34c1cc4
SSDEEP

6144:/ghwx4qFbiwtMKohz9fRmF+eEENw8p7Q1LHpoSjocs:/ge+B7KwuXEMwbRpoSEv

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/432-0-0x0000000000400000-0x000000000044C000-memory.dmp	upx
behavioral2/memory/432-3-0x0000000000400000-0x000000000044C000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 432 wrote to memory of 3544	432	GiVirusBuilder 1.3.1.exe	81
PID 432 wrote to memory of 3544	432	GiVirusBuilder 1.3.1.exe	81
PID 3544 wrote to memory of 1812	3544	cmd.exe	82
PID 3544 wrote to memory of 1812	3544	cmd.exe	82

C:\Users\Admin\AppData\Local\Temp\GiVirusBuilder 1.3.1.exe
"C:\Users\Admin\AppData\Local\Temp\GiVirusBuilder 1.3.1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:432
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\4DE1.tmp\4DE2.tmp\4DE3.bat "C:\Users\Admin\AppData\Local\Temp\GiVirusBuilder 1.3.1.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3544
- - C:\Windows\system32\chcp.com
    chcp 65001
    3⤵
    PID:1812

C:\Users\Admin\AppData\Local\Temp\4DE1.tmp\4DE2.tmp\4DE3.bat

Filesize
137KB

MD5
eed61e44ae54dc807011351c026688aa

SHA1
07502ac5bbd086ce5feb209cdc15c95530bdd01f

SHA256
7fb61b7263b95f436db0ca5a058bc7b68ed286c83a5ad111e50bd83263033a29

SHA512
5c1a3bb1d8f402403c2b40cbdba51251167cd4b90937e48dccd4f0270df895957a097ff7493ce7f9e190b6c1b78e2e9161a83ec1dc83a9c34c15cbdc60ac8fdf

Download Submit
memory/432-0-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/432-3-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download