Analysis

  • max time kernel
    23s
  • max time network
    29s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    14-06-2024 01:45

General

  • Target

    Buildbox_2.3.3-1986.exe

  • Size

    73.1MB

  • MD5

    9b2ecb1f95301a8e76ffbaed050fff82

  • SHA1

    67dc37f65486db3c590531b0641e8dd903d24d5d

  • SHA256

    7652dd1511c8d8e8a00f90ce3cb576ed948c1e198ccb9b84a6a40e5cc951d5a0

  • SHA512

    dc58176acbab4a6ede103bffbdcb76813b9cd426758a6ba0b329fa4dfb4012354025a5d28f942138a6c1de5f378f08c405d67ab8995245ce47f92c04f8b47b33

  • SSDEEP

    1572864:5lEPKDpk+3Pxd32li14xgms5bSdZXpW9QUqAPOy+xYyaFJGWI:5jpr3PxdmliqxQ5uJW9QUqjxY5FJ5I

Malware Config

Signatures

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (45 IoCs)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Looks up external IP address via web service (1 IoC)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Program Files directory (64 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (8 IoCs)
  • Suspicious behavior: AddClipboardFormatListener (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Buildbox_2.3.3-1986.exe
    "C:\Users\Admin\AppData\Local\Temp\Buildbox_2.3.3-1986.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:756
    • C:\Users\Admin\AppData\Local\Temp\is-8NAB7.tmp\Buildbox_2.3.3-1986.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-8NAB7.tmp\Buildbox_2.3.3-1986.tmp" /SL5="$70232,76352150,56832,C:\Users\Admin\AppData\Local\Temp\Buildbox_2.3.3-1986.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4056
      • C:\Program Files (x86)\Buildbox\BuildBox.exe
        "C:\Program Files (x86)\Buildbox\BuildBox.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Adds Run key to start application
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:4168
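
The launch at depth 2 is the standard Inno Setup two-stage pattern: the loader stub (PID 756) extracts the real Setup program to %TEMP%\is-XXXXX.tmp\<installer name>.tmp and re-executes it with /SL5, whose fields are the loader window handle, Offset0 (byte offset of the setup-0 header block inside the original installer), Offset1 (offset of the setup-1 file-data block) and the original installer path. Here the header offset (76352150) lies near the end of the 73.1 MB file and the file-data offset (56832) near its start, which is the normal single-file layout. As an added example that is not part of the report or of Buildbox, the Python below parses that switch, checks the offsets against the installer size, and reads the 64-byte version string a genuine Inno header carries at Offset0. The 4 KiB stand-in installer, its version string and the hwnd 0x1234 are constructed; the installer size is the report's rounded 73.1 MB.

```python
"""Parse and sanity-check an Inno Setup /SL5 second-stage command line
(example code, not part of the sandbox report or of Buildbox)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Inno Setup's loader stub relaunches the extracted Setup program as
#   "<name>.tmp" /SL5="$<hwnd>,<Offset0>,<Offset1>,<original installer path>"
# Offset0 = offset of the setup-0 header block, Offset1 = offset of the setup-1
# file-data block, both inside the original installer file.
SL5_RE = re.compile(r'/SL5="\$([0-9A-Fa-f]+),(\d+),(\d+),([^"]+)"')

# The setup-0 block opens with a 64-byte NUL-padded version string.
INNO_VERSION_PREFIX = b"Inno Setup Setup Data ("


@dataclass
class SL5:
    hwnd: int            # loader window handle, hex after the '$'
    header_offset: int   # Offset0
    data_offset: int     # Offset1
    original_path: str   # installer the stub was started from


def parse_sl5(cmdline: str) -> SL5:
    m = SL5_RE.search(cmdline)
    if m is None:
        raise ValueError("no /SL5 switch in command line")
    return SL5(int(m.group(1), 16), int(m.group(2)), int(m.group(3)), m.group(4))


def check_layout(sl5: SL5, installer_size: int) -> List[str]:
    """Findings about the offsets; an empty list means they fit a normal
    single-file Inno layout (stub, then file data, then header near the end)."""
    findings = []
    if not 0 < sl5.data_offset < sl5.header_offset:
        findings.append("expected 0 < Offset1 (file data) < Offset0 (header)")
    if sl5.header_offset + 64 > installer_size:
        findings.append("header offset points past the end of the installer")
    if not sl5.original_path.lower().endswith(".exe"):
        findings.append("original path is not an .exe: " + sl5.original_path)
    return findings


def read_inno_version(installer: bytes, sl5: SL5) -> Optional[str]:
    """Return the 'Inno Setup Setup Data (x.y.z)' string found at Offset0, or
    None when the bytes there are not an Inno header (switch not genuine)."""
    blob = installer[sl5.header_offset:sl5.header_offset + 64]
    if not blob.startswith(INNO_VERSION_PREFIX):
        return None
    return blob.split(b"\0", 1)[0].decode("ascii", "replace")


# The exact second-stage command line from the process tree above.
REPORT_CMDLINE = (r'"C:\Users\Admin\AppData\Local\Temp\is-8NAB7.tmp\Buildbox_2.3.3-1986.tmp" '
                  r'/SL5="$70232,76352150,56832,C:\Users\Admin\AppData\Local\Temp\Buildbox_2.3.3-1986.exe"')
REPORT_INSTALLER_SIZE = int(73.1 * 1024 * 1024)   # 73.1MB as the report rounds it

# Constructed 4 KiB stand-in installer: an MZ stub and a fake header block at
# offset 2048 with a made-up version string, so read_inno_version runs offline.
SAMPLE_INSTALLER = bytearray(4096)
SAMPLE_INSTALLER[0:2] = b"MZ"
_ver = b"Inno Setup Setup Data (5.5.9) (u)\0"
SAMPLE_INSTALLER[2048:2048 + len(_ver)] = _ver
SAMPLE_SL5 = SL5(hwnd=0x1234, header_offset=2048, data_offset=512,
                 original_path=r"C:\sample\setup.exe")   # constructed values


def demo() -> dict:
    real = parse_sl5(REPORT_CMDLINE)
    return {
        "report_offsets": (real.header_offset, real.data_offset),
        "report_findings": check_layout(real, REPORT_INSTALLER_SIZE),
        "sample_version": read_inno_version(bytes(SAMPLE_INSTALLER), SAMPLE_SL5),
        "sample_findings": check_layout(SAMPLE_SL5, len(SAMPLE_INSTALLER)),
    }


if __name__ == "__main__":
    print(demo())
```

On the real installer you would pass its bytes to read_inno_version; a process that presents an /SL5 switch whose Offset0 does not land on that version string was not launched by an Inno stub, whatever its file name says.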

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Buildbox\BugSplat.dll

    Filesize

    300KB

    MD5

    24e4da53ab6b3b7bb924eacbd46a59ec

    SHA1

    09f2796118ac55d14382d674e1f6e151278a737a

    SHA256

    1058c80da7643d8446b18a6f657dafc5d2530fea839d6f763d29599d36ddb002

    SHA512

    0197fe449573b774d032b1dbcee6d9b38901c718dc7380ce4311979b243e11d2384c8f038e9e8521c7200f2144e4b0be840b72e94fc105e8d1e310bdf89eb3fe

  • C:\Program Files (x86)\Buildbox\Buildbox.exe

    Filesize

    23.7MB

    MD5

    29211004fe19a0b2d549dc7e09431e30

    SHA1

    6ec77df7afe978c0be258a71c64cb0ae9a5da80a

    SHA256

    87259f60583c8efd5a9f496c68b9aa8e0f700d4efa6c0f094cc821c781ffad00

    SHA512

    5f0c330bcc75904b9b6bf3d46dc1913209c11eb9984e3e8dca3804c0df39360daae9e6dd843323ea00e3524eb73e3c223381c8de3836c2b8d42d0a2a6ddab598

  • C:\Program Files (x86)\Buildbox\OpenAL32.dll

    Filesize

    106KB

    MD5

    235355a8dd26903e75d5e812ecf50e53

    SHA1

    8316319341a0f9054e19e4a7b21df3dc49386fee

    SHA256

    1797d150a2e23af4f390f5c33eb598c6f58d0454011d74941f5316add900bbdd

    SHA512

    5beb9343028790f993d0acb1007fd112b7e2ef6f9fbedfdb62b0140d2bbadf3b6368417ea19edb0bc8674d19418e5784fef4430ce1c329de8e83c304706d39ac

  • C:\Program Files (x86)\Buildbox\Qt5Concurrent.dll

    Filesize

    24KB

    MD5

    db5eb6b661069bff193a73278bf01220

    SHA1

    a9908f4be826c951ba6db2b726bd99a24e114874

    SHA256

    5c2442dc0f8aef9e57c0c191645fc5cf89c0f2a749ec549595d65c577510bbbd

    SHA512

    4a10d4aace186676792391007a237d865f950d258e9ea10c49474331c47843f21918863579716ce93701122061121c51a54d4d2869a2a63410e38e603dafeaad

  • C:\Program Files (x86)\Buildbox\Qt5Core.dll

    Filesize

    4.4MB

    MD5

    aff1410e04d4951ee99ae2f9a590f5eb

    SHA1

    517a6ae0364b8f014e23a671cccda9947ba5eede

    SHA256

    8a02bfc68a23a2b329aa367465b9f1084f88c213956eee25a2e51e45ad15b920

    SHA512

    6c462a84fad9c8401cc0355c10e7dcb075bd259642d7909809a08fed7c1d24f7c17fb619c7cf97edcc261e5a3161a3cc69ace594fe2c2b52557447c462e1d7f9

  • C:\Program Files (x86)\Buildbox\Qt5Gui.dll

    Filesize

    4.8MB

    MD5

    5da3f3db9c706d6f6c4bfb9a9166d4fb

    SHA1

    15484532a0ca2951a5c2377ea6f576134ac13652

    SHA256

    183a47dbb0fd24ed8c992c83e2701dc303615f97bc7a23c3866fa6ea2d2246ee

    SHA512

    ec3beefaeea95024c8c3ef5556fe9a9e8678637d72a42ecd3fb469ca8360eede6256ee69d4bc06e585e3ee9c63432bd99b94e4e29abcf3f4dbab84dc22e34e64

  • C:\Program Files (x86)\Buildbox\Qt5Multimedia.dll

    Filesize

    570KB

    MD5

    768c23339bdde83cdc48b5c342294761

    SHA1

    48d08dd5ea343562d282f8acddd78abb4c606efc

    SHA256

    855a4e8beac933f852814aa826628f1a40daedd990b6e644904aec162078ea37

    SHA512

    f1d5087261a39fddd20f67a5221494f96a9ab608bf187c52fe32eb08becf556abec159636bc203bb3a2fbe5074c9825c59e22a0a608227b2e427a65a2a43cce7

  • C:\Program Files (x86)\Buildbox\Qt5Network.dll

    Filesize

    832KB

    MD5

    4cda8d643b69a4bf252c72f59d60f0de

    SHA1

    6f9b3bb2c222f54b9917c2a7e6d2d81c2cbf8aa7

    SHA256

    24d9de8928483b430ab58ade592569d3cf8c16afea86222fbcedeef574379fe1

    SHA512

    c07f2ea6fc73d44775343df4b2ee97ad135d64c15826de77d7c024ae9ff68f8f210dd2e88b8b1701e8483f8745f23c706420d86fc568a18d18a48c23be3dbca5

  • C:\Program Files (x86)\Buildbox\Qt5OpenGL.dll

    Filesize

    269KB

    MD5

    93b9040684854ad1c9a8b1596d1349eb

    SHA1

    d94a0f862113d445e2b59f46141dcc1fd73c6956

    SHA256

    281271288b3069a391b1566c8d5a48385185709d1f54df7e863a155e84320e8f

    SHA512

    71ecb5dbb365ad7059ffee6fbfc81b534ed5226c4ca9095e6ba928b96ff00890a405d9dc75c53e95fb9667268c18f102bd0a663d4c54cb63dd3f5473a2d8c598

  • C:\Program Files (x86)\Buildbox\Qt5Qml.dll

    Filesize

    2.4MB

    MD5

    3a813d71523345354abdf740db0a3483

    SHA1

    39b3f1c2192dac27c30ace85d422becac090a975

    SHA256

    dd8b7c26cf6ce16ba06170f488a32418a0736cd664d451b6933751aa798bf4ca

    SHA512

    2b268c11a2dd2d5c0f7e8b9487207fa6ecb1af884ad5922cc7939fe22f01bab35290ba19a2405ab9e506b54d97da7a2856dbcea698a3fea650d0c89c3acfcffe

  • C:\Program Files (x86)\Buildbox\Qt5Quick.dll

    Filesize

    2.4MB

    MD5

    43cf2d911934efd8df5cbc1de5690d92

    SHA1

    8389d7fde1977108ac76f682aea6bfde7452ff3f

    SHA256

    861e76c4d8d467a046c4205a7c66921f19efe35267c4a9a53e7c680f2a67bf62

    SHA512

    8f0e61a39a2b32c8d83c0caa36dd48e7dc4618f1af101170586d81a4619838f6d7733bff3d1f0d0b990099bb024e5911083fe617625a8a7e1e9608ca8066ca8a

  • C:\Program Files (x86)\Buildbox\Qt5QuickWidgets.dll

    Filesize

    54KB

    MD5

    f4681cb0fd76a85d51cb79b0d4dba66a

    SHA1

    063482b7a23b1bb4523fdaf99e0f973937d09f36

    SHA256

    151fda07305e751ac685e7f786868c7d91062580339cee7aff373b3478bf2eea

    SHA512

    9776f8b5934a3966852f1b19a0104df1246f3dedea89614f628dc2441c0e23f524ee3c00239aef198d78070bb447c793bac9eec5f92b85da1368d3662acf1ce1

  • C:\Program Files (x86)\Buildbox\Qt5Svg.dll

    Filesize

    249KB

    MD5

    e6fcc448413e4ad9c469baf9c0ed3f74

    SHA1

    4674c785a67eb884b2cc168f94f20438ccf238b5

    SHA256

    e7ed455e744aacdbe64210b03d38616fedff3c15d80a521d3f879f90ede9fb4c

    SHA512

    afe23657a84fb72b22b8a525617a305b1321c6ea695a47da690e927065d311a537881afac7a3d78917338eddf4b1094c98c882431ba9006a75ad841e2493b58d

  • C:\Program Files (x86)\Buildbox\Qt5Widgets.dll

    Filesize

    4.2MB

    MD5

    ce8e2ec1bb6db7861f11f87f1465c3f8

    SHA1

    2c60dd9b5671f5d6874172ce371f1ff1f7f86de5

    SHA256

    03041ee863f0db435dd5324f5dd74ccea7ab5065378a716012725ee1d396410a

    SHA512

    cb1ae581e4b79d0a97408765d7d3cbe0f62fbeb4d70a97cb6a8bd66b394fb8809e50d7f40c7367b671ab902f0920f21789d30562e803cc4a68bcc455d0dbdcfb

  • C:\Program Files (x86)\Buildbox\WinSparkle.dll

    Filesize

    1.1MB

    MD5

    4c5d8b2fb660736e60fa8bc8858d61c2

    SHA1

    99e441f83c2119929b7222fe9c75e8d395ac662d

    SHA256

    d366c6ff48537015cc8e13532d24085ef8e4619fe0fb08cc52604c13fcb379ff

    SHA512

    5287eedaf476c03bc84dcd084f1c5a8815187ea93de2f0a7bf553e713c090199ac1906dc3cf61630d4066a3b98e03f6706661d824b23ce3c360b08043c0216d9

  • C:\Program Files (x86)\Buildbox\bearer\qgenericbearer.dll

    Filesize

    39KB

    MD5

    ea2a69ffa86f276ca2ccf884795458d8

    SHA1

    da8f1713eeba13475afb4eb6a2e7686d83de6f93

    SHA256

    79429d20eef5d2f94aaab2b033658caaf4b373005862884d5a4809c5d3839640

    SHA512

    b23de1521f92bf62c0dc51bbe5a488d39892e147341a5352c8d12bd3d213dcdd8ff988eadb85af8ceadafa3c36bc32c353a9a62762e5aaffafb92f1bf723c315

  • C:\Program Files (x86)\Buildbox\bearer\qnativewifibearer.dll

    Filesize

    41KB

    MD5

    f3520c8e3826958b84e296b997059831

    SHA1

    4d8f5da58c6b6ab8f54d6bbb3cbd284df3cf3ec7

    SHA256

    39887f5ec6246d37bfa6310f810860852c8e7b7e2235872d50c233dfa1ffbe31

    SHA512

    1c78a382ae76194405065be2c1c9154fb23907350ff565f1ecefa2962d12f3e380eaae23872a7bd504502ace1770f4465152a5a84686588b17398b8e0113c703

  • C:\Program Files (x86)\Buildbox\jpeg8.dll

    Filesize

    405KB

    MD5

    b1bc787d201208e4ac31481e69aa7945

    SHA1

    ec66ba4c7971e945fafb196341781093727810b5

    SHA256

    1e599fc5780f37c00045d11a89e8b67162eca6c34f2be9b220a070961df55dce

    SHA512

    1586528d233ec8c85ab7ba2349d2c29705436f2c62a05906d4eee39aca95fa03f9ee604c81de77f6c0962600ab7c24b59c839b317d137365a9f11ab7402815bb

  • C:\Program Files (x86)\Buildbox\libeay32.dll

    Filesize

    1.1MB

    MD5

    4aa1de28ba1b547dbf2588f9648eef4b

    SHA1

    79dc7a438d4b5760e6be1898d49a3699746c1606

    SHA256

    d203d7ab373e07e09c2e23c40557592ef95b0c7f6b728c9379524a1469f7222c

    SHA512

    00b372761c331ba4b75eb4205aa18e3a6d493a881e7946313334d6ea8c895db6c51dee4def894b1e41c8eee95489f70afd4426446abab35e7dfa283800102aee

  • C:\Program Files (x86)\Buildbox\libmpg123.dll

    Filesize

    143KB

    MD5

    17811849ce38b1e58f9616b808868f1f

    SHA1

    095188023246f531cd00e9239b6d4daa20ebd3a6

    SHA256

    d1510777414af5f915cd1a6b8bd4a9b6a9df2ff01b801990c5dc051902548616

    SHA512

    7c8b71a8d3df861cdc52f34a845271dabb1e0a04d0fbee4fc5021f0ca5f9c56e88484366e3612c178410116c40f48ea49d551c5521382b7e80e0c43e9fb3f3dd

  • C:\Program Files (x86)\Buildbox\libogg.dll

    Filesize

    64KB

    MD5

    b184c38711f42e3fa96a08402297bf56

    SHA1

    812da38a9ae9cdbe9290c4fbf74d8cad3a962744

    SHA256

    dd342fa7482c586fe522fa1422eee5ee6cbf76fe256dce5973fb42ea62c003fa

    SHA512

    f0bbd7d3604f33bcf03fd16c5082aed4ab24111bbcd1861a01f499501fbf22245be5a3c1662ac823130e9f4f65106d3238ddb98bfdd59add527bd9d24be7b6a6

  • C:\Program Files (x86)\Buildbox\libpng16.dll

    Filesize

    155KB

    MD5

    82f18505c175685a037a298472ea9f71

    SHA1

    b45935ffdaaaaa1446c0080937b78c890036d718

    SHA256

    726b6a9211b0776d67635d9c4f681ad918df3c9ab00e5b99eb5b1dbffafbb769

    SHA512

    97998f414f108cf6359ac5244d0c66eb0f4056b22eba93767d7f58dc7b0b93745e1ebe179eff34dec1ab85c62aff191da5e1075b256669ed467525bab99af196

  • C:\Program Files (x86)\Buildbox\libtiff.dll

    Filesize

    513KB

    MD5

    c741db91cddb32c0ccd1fab980b1a5a4

    SHA1

    08f624cff407b25c6ecca087f763bd02e69231bb

    SHA256

    2d7b7f76089829aac2fa043d712e3a908563bf77f4e7da6e82d86bb0467a9feb

    SHA512

    7f92e7cdc0feb16ca42eb9f588a92a481b402ef00c0e02b8236f8925bd828507a4e6c1b576d9639184a15322107d0d3810817d1529ebf6f94ff18ea070c67e76

  • C:\Program Files (x86)\Buildbox\libvorbis.dll

    Filesize

    1.2MB

    MD5

    eaaddbca6c8795fdc0f4cd6c4ccff600

    SHA1

    2d451d109509b1e848f52add6d0ee454b29ccd40

    SHA256

    cc4a198a1ab684724f35c367b97e3f9258662b158be9a96a190b921bdfaf12dc

    SHA512

    b4c5338b740ddaa39603865a3dbc422750f66c052f266be037b2b38483d1088e3a4dacfb22581a18796f0901e611028ff00076f2a5c959c7443903d3659e1d81

  • C:\Program Files (x86)\Buildbox\libvorbisfile.dll

    Filesize

    108KB

    MD5

    00faf4fbd1e93e4ccc297ff9cb52a3d0

    SHA1

    b17477634fc45bdbe9194ac33ae0be59b6cb9052

    SHA256

    a332c2396ea1a1a38ff9a225dbbe5d68d72ffa5779a205e04dc60ccaa211cae4

    SHA512

    1ddb776790df2690738b095bb550c2bcb3bb23771b142f00adea0a7151e860c0d79f3541f30d4af387477bc53b94ec73d71e8d08bf789af241173ec958cf62ae

  • C:\Program Files (x86)\Buildbox\platforms\qwindows.dll

    Filesize

    988KB

    MD5

    e7561e3750925f4d731d9366194dd493

    SHA1

    b56f62063d2334d47b1d54bdb68102e41e559c74

    SHA256

    c0030d1fcc93235ea90097855628bb937a70a778441741d2aa27c8278c50d8c3

    SHA512

    c0d266af87e977ea85a5a9589ee93500bee1f5277db2b09402b5c8ab95085d46e99242498fd011152200edde14ac6f14f1bb0b04ea33136ef97c8a1345e417c0

  • C:\Program Files (x86)\Buildbox\pthreadVCE2.dll

    Filesize

    76KB

    MD5

    ae4ae0ef65becf8684db223ceecbfba7

    SHA1

    1826006ee9ca5090eacfdca63bcc370e2be701e6

    SHA256

    27a8bd5814bf5e67858856f5090952e558c6e03fbebcbd66f7d8eb8fda2b369c

    SHA512

    880b38c69a38c02923988ccafba630e8a5a12ec885d713fc863f69174b475e408427fb68acdf6a3415a3bbd6cb80a1eb81eb752b18ef03a4590cdb36c9f52e3e

  • C:\Program Files (x86)\Buildbox\zlib1.dll

    Filesize

    105KB

    MD5

    b8a9e91134e7c89440a0f95470d5e47b

    SHA1

    3cbcee30fc0a7e9807931bc0dafceb627042bfc9

    SHA256

    42967a768f341d9ce5174eb38a4d63754c3c41739e7d88f4e39cd7354c1fac71

    SHA512

    e8583ea94b9d1321889359317e367abc88e90e96d0d9243258244a527ffa2b13ab97d0787693ca328960ceb934ea11eefd14abafd640a654473c26e420d2ec54

  • C:\Users\Admin\AppData\Local\Temp\is-5C2IE.tmp\vcredist_x86.exe

    Filesize

    13.3MB

    MD5

    2fe9702861e9f93a53be8dab361291a6

    SHA1

    17b381d3adb22f00e4ab47cbd91ce0a5b1ccbc70

    SHA256

    4ff07492947c3e52607aa8de0c241898aa35c439c442de1cea5d17de5b7c7f01

    SHA512

    dbd4023d3919ffcca2d21ff01bece68bc58004b966f0484eeef54fac0192ced1601859dd72f2214a38dc53c2c18582b74711d8b80e4bac60b9a6ad03b72fe803

  • C:\Users\Admin\AppData\Local\Temp\is-8NAB7.tmp\Buildbox_2.3.3-1986.tmp

    Filesize

    694KB

    MD5

    45086337c414f5a811acfafd1d30ebf1

    SHA1

    6bebabb52d4ec2978307eeb9fe52894cd94d50c5

    SHA256

    6dc029d8b17090783e2733392bffe3b16febc4badb2721db059c6150fa9315e1

    SHA512

    a7f7394f8d1f344c89fb946f6e508f23a8453074f1747130a9b242e253d7816880dac0cfac12eb8858e7b741c827e432e77141b708cfe03f481b1c71f8174f73

  • memory/756-86-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

  • memory/756-602-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

  • memory/756-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

  • memory/756-2-0x0000000000401000-0x000000000040B000-memory.dmp

    Filesize

    40KB

  • memory/4056-413-0x0000000000400000-0x00000000004BD000-memory.dmp

    Filesize

    756KB

  • memory/4056-601-0x0000000000400000-0x00000000004BD000-memory.dmp

    Filesize

    756KB

  • memory/4056-6-0x0000000000400000-0x00000000004BD000-memory.dmp

    Filesize

    756KB

  • memory/4168-593-0x0000000003060000-0x0000000003071000-memory.dmp

    Filesize

    68KB

  • memory/4168-581-0x0000000002EA0000-0x0000000002EB3000-memory.dmp

    Filesize

    76KB

  • memory/4168-595-0x0000000003090000-0x00000000031BB000-memory.dmp

    Filesize

    1.2MB

  • memory/4168-583-0x0000000002EC0000-0x0000000002F10000-memory.dmp

    Filesize

    320KB

  • memory/4168-587-0x0000000002F20000-0x0000000003045000-memory.dmp

    Filesize

    1.1MB
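
The Downloads list doubles as a hash manifest of what the installer wrote under C:\Program Files (x86)\Buildbox, which is the reusable part of a report on an installer: a later install of the same build can be diffed against it to catch a swapped or added DLL. As an added example that is not part of the report, the Python below parses entries in the report's own layout into a path-to-hash map and diffs a directory against it. The embedded excerpt copies the zlib1.dll and BugSplat.dll entries from above (SHA512 dropped, blank lines removed); the example-note.txt entry, the temporary directory and the files in it are constructed so the run works offline.

```python
"""Turn the report's dropped-file list into a hash manifest and diff a local
install directory against it (example code, not part of the report or Buildbox)."""
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

# Constructed excerpt in the report's layout: zlib1.dll and BugSplat.dll are copied
# from the report (SHA512 omitted); the memory-dump entry shows such lines are
# skipped; example-note.txt is made up, with the SHA256 of the bytes b"abc".
REPORT_EXCERPT = r"""
  • C:\Program Files (x86)\Buildbox\zlib1.dll
    Filesize
    105KB
    MD5
    b8a9e91134e7c89440a0f95470d5e47b
    SHA1
    3cbcee30fc0a7e9807931bc0dafceb627042bfc9
    SHA256
    42967a768f341d9ce5174eb38a4d63754c3c41739e7d88f4e39cd7354c1fac71
  • C:\Program Files (x86)\Buildbox\BugSplat.dll
    Filesize
    300KB
    SHA256
    1058c80da7643d8446b18a6f657dafc5d2530fea839d6f763d29599d36ddb002
  • C:\Program Files (x86)\Buildbox\example-note.txt
    SHA256
    ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
  • memory/756-0-0x0000000000400000-0x0000000000414000-memory.dmp
    Filesize
    80KB
"""
LABELS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}
INSTALL_PREFIX = r"C:\Program Files (x86)\Buildbox" + "\\"


def parse_manifest(report_text: str) -> Dict[str, Dict[str, str]]:
    """Map each dropped-file path to its recorded fields; memory dumps are skipped."""
    manifest: Dict[str, Dict[str, str]] = {}
    current, pending = None, None
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            path = line[1:].strip()
            current = None if path.startswith("memory/") else manifest.setdefault(path, {})
            pending = None
        elif current is not None and line in LABELS:
            pending = line
        elif current is not None and pending:
            current[pending] = line if pending == "Filesize" else line.lower()
            pending = None
    return manifest


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def diff_install(manifest: Dict[str, Dict[str, str]], root: str) -> Dict[str, List[str]]:
    """Compare the files under root with the manifest entries below INSTALL_PREFIX.
    Keys are lower-cased because NTFS is case-insensitive (the report itself spells
    the main binary both Buildbox.exe and BuildBox.exe)."""
    expected: Dict[str, Tuple[str, str]] = {}
    for path, fields in manifest.items():
        if path.startswith(INSTALL_PREFIX) and "SHA256" in fields:
            rel = path[len(INSTALL_PREFIX):].replace("\\", os.sep)
            expected[rel.lower()] = (rel, fields["SHA256"])
    on_disk: Dict[str, Tuple[str, str]] = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            on_disk[rel.lower()] = (rel, sha256_file(os.path.join(root, rel)))
    result: Dict[str, List[str]] = {"ok": [], "mismatch": [], "missing": [], "extra": []}
    for key, (rel, digest) in sorted(expected.items()):
        if key not in on_disk:
            result["missing"].append(rel)
        elif on_disk[key][1] == digest:
            result["ok"].append(rel)
        else:
            result["mismatch"].append(rel)
    result["extra"] = sorted(rel for key, (rel, _) in on_disk.items() if key not in expected)
    return result


def demo() -> Dict[str, List[str]]:
    """Constructed install directory: a tampered zlib1.dll, a matching note file,
    an unexpected evil.dll, and no BugSplat.dll at all."""
    manifest = parse_manifest(REPORT_EXCERPT)
    with tempfile.TemporaryDirectory() as root:
        for name, content in (("zlib1.dll", b"not the zlib the sandbox saw"),
                              ("example-note.txt", b"abc"),
                              ("evil.dll", b"unexpected file")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(content)
        return diff_install(manifest, root)
```

Feed parse_manifest the full Downloads text and point diff_install at a real Buildbox install directory; anything in "mismatch" or "extra" is a file the sandbox did not see this installer write, and "missing" shows files it wrote that are no longer there.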