Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
26-06-2024 18:05
Behavioral task
behavioral1
Sample
Built.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Built.exe
Resource
win10v2004-20240611-en
General
-
Target
Built.exe
-
Size
6.0MB
-
MD5
a63702c06a401f4dee92ecbfe7e2a289
-
SHA1
3a4f43b4fecc0537b9a7294fdaf716589f3aadfb
-
SHA256
5abca78c05174b85888fba097e89106162261ecdac73f09d035eb22aec3261f6
-
SHA512
5f637e8a8db508d41e92d3d96c12141ef7ac2b396e2fd9c91b5cfb263d41340a1b7863d3d703ecacdc5645d58b7b235d501a42d80269d808dd38049663ea980b
-
SSDEEP
98304:bgXdYMLXqkqMQXhL4afkhk9Y+YNwh1SMCJbzRnPJ8iE/56YSZDJ1n6hBnLnzOc:orsL4ack9Y7m7SMYNPKB8n6hVvF
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
Processes:
resource: C:\Users\Admin\AppData\Local\Temp\_MEI22322\python311.dll
yara_rule: acprotect -
Loads dropped DLL 1 IoCs
Processes:
Built.exe
pid: 1704
process: Built.exe -
Processes:
resource: C:\Users\Admin\AppData\Local\Temp\_MEI22322\python311.dll
yara_rule: upx
resource: behavioral1/memory/1704-23-0x0000000074530000-0x0000000074A3A000-memory.dmp
yara_rule: upx -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
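Built.exe
description: PID 2232 wrote to memory of 1704; pid: 2232; process: Built.exe; target process: Built.exe
description: PID 2232 wrote to memory of 1704; pid: 2232; process: Built.exe; target process: Built.exe
description: PID 2232 wrote to memory of 1704; pid: 2232; process: Built.exe; target process: Built.exe
description: PID 2232 wrote to memory of 1704; pid: 2232; process: Built.exe; target process: Built.exe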
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
1.4MB
MD5
e7103e2bf67b33f3c866e944329ddd7b
SHA1
3bab461ec7782a4949964b591c14d8f3bacc1098
SHA256
b36c67f6ab5dbe6104f4abf3f1c19a702af20d8bedcf9ef5e499dc84e62d6fbd
SHA512
b45629330d0f67788b4c7f1ec61bce0b64f567d6bcfcbccb14289284672eee81d3d8f4036d58e9f24f3c86b5e67d2b5d58253d03249c4e151ac0a0ba2134d88b