Analysis

  • max time kernel
    132s
  • max time network
    109s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-10-2024 08:29

General

  • Target

    Built.exe

  • Size

    7.5MB

  • MD5

    cb06608822085f5911fc76736f13bc97

  • SHA1

    89322abb771c956b61f42309a5d27bb84afc62bb

  • SHA256

    9ad34ccc1e2fb6b719f4804117796ae7e826654bdfd8f36ae2366e836ff823ae

  • SHA512

    2207187ab730b07912877e7ef5e66c4b694eacaa04060e6b801b840bffa949c5ebd2316e16b26c303a7b2f0d34f1edd8dec8a9adc3664ac71f5e4e0a374b0d36

  • SSDEEP

    196608:zSgFHwfI9jUC2gYBYv3vbW5+iITm1U6f2:/FMIH2gYBgDW4TOzu

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Built.exe
    "C:\Users\Admin\AppData\Local\Temp\Built.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Users\Admin\AppData\Local\Temp\Built.exe
      "C:\Users\Admin\AppData\Local\Temp\Built.exe"
      2⤵
      • Loads dropped DLL
      PID:320
  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
    1⤵
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Program Files (x86)\Windows Media Player\wmpshare.exe
      "C:\Program Files (x86)\Windows Media Player\wmpshare.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2344
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3064
  • C:\Program Files\Windows Sidebar\sidebar.exe
    "C:\Program Files\Windows Sidebar\sidebar.exe" /showGadgets
    1⤵
    PID:1972
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
      1⤵
      • System Location Discovery: System Language Discovery
      PID:1984

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI21802\python312.dll

    Filesize

    1.7MB

    MD5

    6f7c42579f6c2b45fe866747127aef09

    SHA1

    b9487372fe3ed61022e52cc8dbd37e6640e87723

    SHA256

    07642b6a3d99ce88cff790087ac4e2ba0b2da1100cf1897f36e096427b580ee5

    SHA512

    aadf06fd6b4e14f600b0a614001b8c31e42d71801adec7c9c177dcbb4956e27617fa45ba477260a7e06d2ca4979ed5acc60311258427ee085e8025b61452acec

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms~RFf789ea0.TMP

    Filesize

    1KB

    MD5

    76b0d3278027a7ecbc9cf50a4d2569c2

    SHA1

    7920cc78eb319249e8d5dac301a14a53f94d0e38

    SHA256

    6f9fc4bc9cdfefacc53d02b245d69e5d9bf86f490314365813edb65e29b6698f

    SHA512

    79e4620acdcb98496a473479765cc8ec250f5256da3d4971ffcb5af492d2c0297052f9f53efa3c7e4f9a91042608de1f2267b2b3302153634f947b52f7b1c3a5

  • memory/320-23-0x000007FEF6550000-0x000007FEF6C15000-memory.dmp

    Filesize

    6.8MB

  • memory/2080-46-0x00000000000F0000-0x00000000000F1000-memory.dmp

    Filesize

    4KB