General

  • Target

    Built.exe

  • Size

    10.0MB

  • Sample

    241110-wpezza1pax

  • MD5

    fc58152a9c08d0f5040a9b7daeaf9499

  • SHA1

    8e5575bceaa385a5913a80e61f48a7263442d64b

  • SHA256

    1e5bb5c135bd5a1c3f98dc5c5f9cf11245ef2c1286da93b099367e6685e08455

  • SHA512

    58ef1eceeee7f05caa6fb7dd35679b5cc5fbc8a7816480fe381a8de212a554184ee38f323cfcad361d9b450bb048b092f1fa900b8c4bfdfd2df0e033e31879a3

  • SSDEEP

    196608:JcgFwEeNywfI9jUC2gYBYv3vbW5+iITm1U6fD:vFzeNRIH2gYBgDW4TOzr

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks