2baef2261e43bf77bc57ae60e820fbf3faebad7a473846206b103ea0a628711b

Analysis

max time kernel
100s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Built.exe
Size

6.8MB
MD5

a36352e906fcbdb1053fe2bb9b912339
SHA1

d07904e420f1b8d3649bd60d2fe11310aedf92c3
SHA256

2baef2261e43bf77bc57ae60e820fbf3faebad7a473846206b103ea0a628711b
SHA512

9ec29d838338d2b25c0fa12851b5c34604b79cd619ff7ad98d5ad2ea57f8a52945fb8ca16c3a66da04cd4522dedb608ec795bb2734ec328c6cf951f48a9d1d6c
SSDEEP

196608:kOFIYOdYeN/FJMIDJf0gsAGKABRIuAKttRA:YTX/Fqyf0gsd3jAKO

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2804	Built.exe
2804	Built.exe
2804	Built.exe
2804	Built.exe
2804	Built.exe
2804	Built.exe
2804	Built.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0004000000019520-73.dat	upx
behavioral1/memory/2804-75-0x000007FEF6490000-0x000007FEF68FE000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2804	Built.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 2804	2716	Built.exe	29
PID 2716 wrote to memory of 2804	2716	Built.exe	29
PID 2716 wrote to memory of 2804	2716	Built.exe	29

C:\Users\Admin\AppData\Local\Temp\Built.exe
"C:\Users\Admin\AppData\Local\Temp\Built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Users\Admin\AppData\Local\Temp\Built.exe
  "C:\Users\Admin\AppData\Local\Temp\Built.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI27162\python310.dll

Filesize
1.4MB

MD5
178a0f45fde7db40c238f1340a0c0ec0

SHA1
dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

SHA256
9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

SHA512
4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27162\ucrtbase.dll

Filesize
1.1MB

MD5
634ccf5740715c8482be72e8ced5af61

SHA1
79049af9e9b775da1c2051343d18ca0ab972c7dc

SHA256
c508db2f26355ed73112fd4d636dab8b321f942a64b8fddb914797413e2335dc

SHA512
dfe972948afaa878aff326cb4b49329298480e7ba72775cb8d2f744d0380ccc11be0bc00b368c2513b5b9f39143b3fe90979b92f0d0405ca2b847d30cef2e269

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27162\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
d8988153d1ebc09b93a078416e5dbfaf

SHA1
d3789700d04e30440eee60c36daa79213be7d169

SHA256
0f0168910611f9878c40018e0b024d303a9c078f942020bca0d1c328bf04f1bb

SHA512
1e50bca6b067ecd40a779eaa13ba38c0a1a9fe8830356703619be401211a3eab484c1763d8ed6c4eca904a5c2b7e5cb7189052960227f74fc160daad40073ef2

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27162\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
78395758e9f3cec3269315ff39ab6268

SHA1
8cab2dab3d601be912817e9b978ba7285482954d

SHA256
56795989c7b3861eb26d9b96b130fff607531ecbcde62cf66e8f0f47061b3968

SHA512
60a2cdab1f324e35413955c0e55e2cd0510b9d342d0dcb44a0e65d67906753c9a9170e1b63acf61cec8490a9d1934d225bc635f02034ede782a725d534d47236

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27162\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
e7da0e7fd6506864500e3a057cec248d

SHA1
631b3980379d58e7ec9c38b2762d95f740e2da14

SHA256
2fd707c9ed3f3c0d580a52267a331a9691da09728da80b1e1ee37f77526a0107

SHA512
ebece590f9af9990118fce39506fb6b9ecaf9470e355a13039c57574a26c654456c6739198f50cf41d7c95b382d537fa0f26b1298a2972efe647886f221dacaf

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27162\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
45bdc0b305efdadd9df11b356b4edf6a

SHA1
32f5546e7627850b332de8587e1766b91b3e65c6

SHA256
f17dcab5ae9678e9921ccdbb919580875cb6470f0cc5485e3b0880f0a22606ee

SHA512
d971a8e07b161c9547ba9b73e475f9291e47bdff152a354f25e1497405c2fad6b531c2e204f4bf0923f79d5100b7574198fd9647d9f01620e308dc6b550d520e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27162\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
329a9bc4bb1e8c1d6d0b0e14128447fb

SHA1
c276b0cb025ad03e87f7e304abb3ec781286369e

SHA256
a5343106180c8efc46ad128ba38abaffb8bdb426adba538def56f4df792d58a1

SHA512
2ca374127a467c22518446c491064aad121aa848ebb58162841cddcad4dc1fc28a3d1e6866ba677ea939b715db4c236e5699d0bebc6623f8bd665345d6c6ce5e

Download Submit
memory/2804-75-0x000007FEF6490000-0x000007FEF68FE000-memory.dmp

Filesize
4.4MB

Download
memory/2804-76-0x000007FEF6490000-0x000007FEF68FE000-memory.dmp

Filesize
4.4MB

Download