Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    26-06-2024 18:05

General

  • Target

    Built.exe

  • Size

    6.0MB

  • MD5

    a63702c06a401f4dee92ecbfe7e2a289

  • SHA1

    3a4f43b4fecc0537b9a7294fdaf716589f3aadfb

  • SHA256

    5abca78c05174b85888fba097e89106162261ecdac73f09d035eb22aec3261f6

  • SHA512

    5f637e8a8db508d41e92d3d96c12141ef7ac2b396e2fd9c91b5cfb263d41340a1b7863d3d703ecacdc5645d58b7b235d501a42d80269d808dd38049663ea980b

  • SSDEEP

    98304:bgXdYMLXqkqMQXhL4afkhk9Y+YNwh1SMCJbzRnPJ8iE/56YSZDJ1n6hBnLnzOc:orsL4ack9Y7m7SMYNPKB8n6hVvF

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Built.exe
    "C:\Users\Admin\AppData\Local\Temp\Built.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Users\Admin\AppData\Local\Temp\Built.exe
      "C:\Users\Admin\AppData\Local\Temp\Built.exe"
      2⤵
      • Loads dropped DLL
      PID:1704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI22322\python311.dll

    Filesize

    1.4MB

    MD5

    e7103e2bf67b33f3c866e944329ddd7b

    SHA1

    3bab461ec7782a4949964b591c14d8f3bacc1098

    SHA256

    b36c67f6ab5dbe6104f4abf3f1c19a702af20d8bedcf9ef5e499dc84e62d6fbd

    SHA512

    b45629330d0f67788b4c7f1ec61bce0b64f567d6bcfcbccb14289284672eee81d3d8f4036d58e9f24f3c86b5e67d2b5d58253d03249c4e151ac0a0ba2134d88b

  • memory/1704-23-0x0000000074530000-0x0000000074A3A000-memory.dmp

    Filesize

    5.0MB