31c62617443f43f9f30a29ff09256ba39c333c93cd4a0c89f33b7b08e9693b01

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 07:23 UTC

Target

Built.exe
Size

7.4MB
MD5

e6b9012de1c43848ae5942a45f90edac
SHA1

566f05b4aad2b034eaeced1545358c0173716134
SHA256

31c62617443f43f9f30a29ff09256ba39c333c93cd4a0c89f33b7b08e9693b01
SHA512

64640537bfbe4d593d3b50a96c87bdfb1181e35b675f6dbcf6589d1bdd3efb393d7f5af2c26b7d3af906177ed64404acc530221e7866364fe55b1c0c00297bb7
SSDEEP

196608:5rkEP9VPyaurErvI9pWjgfPvzm6gsFEB4Au1:9lEaurEUWjC3zDb84Au1

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2944	Built.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0006000000016d07-21.dat	upx
behavioral1/memory/2944-23-0x000007FEF5CE0000-0x000007FEF62D2000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2944	3028	Built.exe	28
PID 3028 wrote to memory of 2944	3028	Built.exe	28
PID 3028 wrote to memory of 2944	3028	Built.exe	28

C:\Users\Admin\AppData\Local\Temp\Built.exe
"C:\Users\Admin\AppData\Local\Temp\Built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Users\Admin\AppData\Local\Temp\Built.exe
  "C:\Users\Admin\AppData\Local\Temp\Built.exe"
  2⤵
  - Loads dropped DLL
  PID:2944

C:\Users\Admin\AppData\Local\Temp\_MEI30282\python311.dll

Filesize
1.6MB

MD5
ccdbd8027f165575a66245f8e9d140de

SHA1
d91786422ce1f1ad35c528d1c4cd28b753a81550

SHA256
503cd34daed4f6d320731b368bbd940dbac1ff7003321a47d81d81d199cca971

SHA512
870b54e4468db682b669887aeef1ffe496f3f69b219bda2405ac502d2dcd67b6542db6190ea6774abf1db5a7db429ce8f6d2fc5e88363569f15cf4df78da2311

Download Submit
memory/2944-23-0x000007FEF5CE0000-0x000007FEF62D2000-memory.dmp

Filesize
5.9MB

Download