Overview

overview

10

Static

static

10

Built.exe

windows7-x64

7

Built.exe

windows10-2004-x64

8

Resubmissions

02-11-2024 20:23

241102-y59kmatphs 10

02-11-2024 20:22

241102-y5sl4svdjp 10

02-11-2024 20:21

241102-y49h8stpdz 10

02-11-2024 20:17

241102-y2n5hstnfx 10

Analysis

  • max time kernel
    24s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02-11-2024 20:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Built.exe

  • Size

    6.9MB

  • MD5

    f490839c28892955dfc6f341a49bc899

  • SHA1

    987358381e0d76686bb2fe23d8ac714586a8ff91

  • SHA256

    dff257afb94abb2056a4ef1bda262a04e5ad48844831a95a0ce839590884f5a3

  • SHA512

    e0be0e81051646b4ba9161d94c0af72faeb957330abbe9be9ab67bcb29f0cea0663379fdd8a7ac3512493d4839151398ad3f5c82d7a603edb53b1bd62b75c3e7

  • SSDEEP

    98304:mVp2DjWM8JEE1F9iamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEV:E207beNTfm/pf+xk4dWRpmrbW3jmr8

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 27 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Built.exe
    "C:\Users\Admin\AppData\Local\Temp\Built.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Users\Admin\AppData\Local\Temp\Built.exe
      "C:\Users\Admin\AppData\Local\Temp\Built.exe"
      2⤵
      • Loads dropped DLL
      PID:2532
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI26722\python311.dll
    Filesize

    1.6MB

    MD5

    bb46b85029b543b70276ad8e4c238799

    SHA1

    123bdcd9eebcac1ec0fd2764a37e5e5476bb0c1c

    SHA256

    72c24e1db1ba4df791720a93ca9502d77c3738eebf8b9092a5d82aa8d80121d0

    SHA512

    5e993617509c1cf434938d6a467eb0494e04580ad242535a04937f7c174d429da70a6e71792fc3de69e103ffc5d9de51d29001a4df528cfffefdaa2cef4eaf31

    Download Submit

  • memory/2532-23-0x000007FEF6510000-0x000007FEF6AF8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2532-44-0x000007FEF6510000-0x000007FEF6AF8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2692-45-0x0000000000450000-0x0000000000451000-memory.dmp

    Filesize

    4KB

    Download