Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-10-2024 18:12

General

  • Target

    Built.exe

  • Size

    7.5MB

  • MD5

    b93662ace7c4e48b341e69f2ef01fb0a

  • SHA1

    181a6ec454f6d884be0be4cf6c0fa456809d5669

  • SHA256

    7d1f45f2c66e84a2f97120fdb98634962e77e4241ce8504eccd0df874fe852ec

  • SHA512

    f9e5cc90cd603c3e896fd506f4d709eb319132d0a413f906cc65defc7aad5d56a4043736121b6b359ff0eb4df7b71436a3d968953e378d8136e033ea66cbd657

  • SSDEEP

    196608:LfgVVEJwfI9jUC2gYBYv3vbW2+iITx1U6nu:EVVE2IH2gYBgDWJTnzu

Score
7/10
upx

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks processor information in registry 2 TTPs 9 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Built.exe
    "C:\Users\Admin\AppData\Local\Temp\Built.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2648
    • C:\Users\Admin\AppData\Local\Temp\Built.exe
      "C:\Users\Admin\AppData\Local\Temp\Built.exe"
      2⤵
      • Loads dropped DLL
      PID:2176
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2152
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2976
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2976.0.1359676133\2065729099" -parentBuildID 20221007134813 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8d9b873-2242-456f-a49e-0ee91f52e5e7} 2976 "\\.\pipe\gecko-crash-server-pipe.2976" 1296 10ed8758 gpu
        3⤵
        PID:2268
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2976.1.889000764\658810411" -parentBuildID 20221007134813 -prefsHandle 1472 -prefMapHandle 1468 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bed99db-676b-443e-b10f-e69ec4228c7e} 2976 "\\.\pipe\gecko-crash-server-pipe.2976" 1484 d70458 socket
        3⤵
        • Checks processor information in registry
        PID:1768
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2976.2.2122599061\270754191" -childID 1 -isForBrowser -prefsHandle 2116 -prefMapHandle 2112 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {53aa0a16-5324-4287-9fc1-e0c1d78ed2dd} 2976 "\\.\pipe\gecko-crash-server-pipe.2976" 2128 1a7a3b58 tab
        3⤵
        PID:2248
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2976.3.1863537774\452322877" -childID 2 -isForBrowser -prefsHandle 2508 -prefMapHandle 2352 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb726b32-ee87-471a-9dc6-1e0599845073} 2976 "\\.\pipe\gecko-crash-server-pipe.2976" 2500 1b4f0e58 tab
        3⤵
        PID:1336
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2976.4.811043835\2074465389" -childID 3 -isForBrowser -prefsHandle 2904 -prefMapHandle 2900 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e566bd8-7983-47bd-9978-68d4aac80529} 2976 "\\.\pipe\gecko-crash-server-pipe.2976" 2920 1c53c358 tab
        3⤵
        PID:924
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2976.5.45883034\1028677954" -childID 4 -isForBrowser -prefsHandle 3760 -prefMapHandle 3612 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6b4d77b-52d2-442a-8500-1cb9ed249cb9} 2976 "\\.\pipe\gecko-crash-server-pipe.2976" 3780 1e80ce58 tab
        3⤵
        PID:1576
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2976.6.731965033\986583798" -childID 5 -isForBrowser -prefsHandle 3900 -prefMapHandle 3904 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21dc4807-ad62-4fff-8ccb-911c5d63d0d0} 2976 "\\.\pipe\gecko-crash-server-pipe.2976" 3888 1e81c558 tab
        3⤵
        PID:2960
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2976.7.1264712343\1877451179" -childID 6 -isForBrowser -prefsHandle 3968 -prefMapHandle 3972 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e0351fd-0d9a-4e81-8531-ff40d581e344} 2976 "\\.\pipe\gecko-crash-server-pipe.2976" 3956 1e81dd58 tab
        3⤵
        PID:1828
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2976.8.372196269\662310531" -childID 7 -isForBrowser -prefsHandle 1872 -prefMapHandle 1868 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bd32f5f-19c7-4374-b5d4-2191a1173775} 2976 "\\.\pipe\gecko-crash-server-pipe.2976" 2468 18362e58 tab
        3⤵
        PID:2708

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\activity-stream.discovery_stream.json.tmp
    Filesize
    32KB
  • C:\Users\Admin\AppData\Local\Temp\_MEI26482\python312.dll
    Filesize
    1.7MB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\datareporting\glean\db\data.safe.bin
    Filesize
    2KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\datareporting\glean\pending_pings\15592001-ee11-4a0f-b09d-67a369d1267f
    Filesize
    745B
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\datareporting\glean\pending_pings\1715e6b5-9f55-41e3-9771-61a545eca211
    Filesize
    12KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\prefs-1.js
    Filesize
    6KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    3KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    1KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\sessionstore.jsonlz4
    Filesize
    3KB
  • memory/2176-23-0x000007FEF5040000-0x000007FEF5705000-memory.dmp
    Filesize
    6.8MB