1bc8b335b0a1af5b0ecbf39f20946041219c551c7dc367ec6e4eb4e87107bc97 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08/06/2024, 14:13 UTC

Sharing

Report Analysis Logs

General

Target

builded.exe
Size

16.3MB
MD5

936fe0891a1c8d90b443317f7d893870
SHA1

d7927c28f7c9279b5420c399bce948f9c274fc96
SHA256

1bc8b335b0a1af5b0ecbf39f20946041219c551c7dc367ec6e4eb4e87107bc97
SHA512

5c5698146016ede0e1a14080ec960a867f7be425a4bd25051f9a905d33e85c582ab3acbd641e70c4b9943b9b9ecb46e56ecb2d754ed2fb8c38bfa4437b71789b
SSDEEP

393216:HEkcqYFJWQsUcR4NzK1+TtIiFvY9Z8D8Ccl6lnBEUPKS75:HkDFYQFS1QtI6a8DZcIlBkSF

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2428	builded.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2428	1728	builded.exe	29
PID 1728 wrote to memory of 2428	1728	builded.exe	29
PID 1728 wrote to memory of 2428	1728	builded.exe	29

C:\Users\Admin\AppData\Local\Temp\builded.exe
"C:\Users\Admin\AppData\Local\Temp\builded.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Users\Admin\AppData\Local\Temp\builded.exe
  "C:\Users\Admin\AppData\Local\Temp\builded.exe"
  2⤵
  - Loads dropped DLL
  PID:2428

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI17282\python312.dll

Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit