82e0519fd9f515082342e0fc2eda46ecbfec12fd911a42e1eea93a0e523b9680

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-10-2024 19:00

Target

Built.exe
Size

7.6MB
MD5

2de476f33c25ef88cab15641b2ab63f3
SHA1

0a3317e904e953a3bb3e6334691c9cab056a4f28
SHA256

82e0519fd9f515082342e0fc2eda46ecbfec12fd911a42e1eea93a0e523b9680
SHA512

0635c5c8e810a46ac15c6e0b7254bf08ec5855d5b73cbe8d5936c8534b9c2ddaaf24176a37e17eee9b2539b12ba7935187ab1441c3c1c9576ee114cc3845fbf5
SSDEEP

196608:brHYFwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/j/:DIHziK1piXLGVE4Ue0VJT

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2264	Built.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00050000000191f7-21.dat	upx
behavioral1/memory/2264-23-0x000007FEF6070000-0x000007FEF66D3000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2264	2440	Built.exe	28
PID 2440 wrote to memory of 2264	2440	Built.exe	28
PID 2440 wrote to memory of 2264	2440	Built.exe	28

C:\Users\Admin\AppData\Local\Temp\Built.exe
"C:\Users\Admin\AppData\Local\Temp\Built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Users\Admin\AppData\Local\Temp\Built.exe
  "C:\Users\Admin\AppData\Local\Temp\Built.exe"
  2⤵
  - Loads dropped DLL
  PID:2264

C:\Users\Admin\AppData\Local\Temp\_MEI24402\python313.dll

Filesize
1.8MB

MD5
6ef5d2f77064df6f2f47af7ee4d44f0f

SHA1
0003946454b107874aa31839d41edcda1c77b0af

SHA256
ab7c640f044d2eb7f4f0a4dfe5e719dfd9e5fcd769943233f5cece436870e367

SHA512
1662cc02635d63b8114b41d11ec30a2af4b0b60209196aac937c2a608588fee47c6e93163ea6bf958246c32759ac5c82a712ea3d690e796e2070ac0ff9104266

Download Submit
memory/2264-23-0x000007FEF6070000-0x000007FEF66D3000-memory.dmp

Filesize
6.4MB

Download