ecb47043c221cc3172a4c5a2458fb087523eb579c982c6a22072d7ca5ab36beb

Resubmissions

02-10-2024 16:12

02-10-2024 16:07

max time kernel
312s
max time network
319s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 16:12

Target

Built.exe
Size

7.5MB
MD5

4f202bfe83d33063b0c592783cee5130
SHA1

2c5c7bb6c173f82863d4ff9ede803e67f9fce152
SHA256

ecb47043c221cc3172a4c5a2458fb087523eb579c982c6a22072d7ca5ab36beb
SHA512

22fa878d9ed145f64c84a2d15419d2687d8667cbf411d976cbafc79f59cd4a2c4ca05abab6f0fa1d7afd276b9fd41174240a5a928e42856a08f6d161e0a25fc0
SSDEEP

196608:fzunqZSwfI9jUC2XMvH8zPjweaBpZ0cX2ooccXK7oSG:iOIH2XgHq+jq93YoH

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2916	Built.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0004000000019461-21.dat	upx
behavioral1/memory/2916-23-0x000007FEF6320000-0x000007FEF69E2000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 2916	1428	Built.exe	30
PID 1428 wrote to memory of 2916	1428	Built.exe	30
PID 1428 wrote to memory of 2916	1428	Built.exe	30

C:\Users\Admin\AppData\Local\Temp\Built.exe
"C:\Users\Admin\AppData\Local\Temp\Built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Users\Admin\AppData\Local\Temp\Built.exe
  "C:\Users\Admin\AppData\Local\Temp\Built.exe"
  2⤵
  - Loads dropped DLL
  PID:2916

C:\Users\Admin\AppData\Local\Temp\_MEI14282\python312.dll

Filesize
1.7MB

MD5
2996cbf9598eb07a64d66d4c3aba4b10

SHA1
ac176ab53cdef472770d27a38db5bd6eb71a5627

SHA256
feba57a74856dedb9d9734d12c640ca7f808ead2db1e76a0f2bcf1e4561cd03f

SHA512
667e117683d94ae13e15168c477800f1cd8d840e316890ec6f41a6e4cefd608536655f3f6d7065c51c6b1b8e60dd19aa44da3f9e8a70b94161fd7dc3abf5726c

Download Submit
memory/2916-23-0x000007FEF6320000-0x000007FEF69E2000-memory.dmp

Filesize
6.8MB

Download