f5a3409e62770b9769d8edd41c840257542bf338a0e4718616e217e4a6c41fe3

Resubmissions

22-11-2024 05:08

241122-fswtwsvmb1 10

21-11-2024 22:41

241121-2l6leayme1 10

21-11-2024 22:40

241121-2lrggsymex 10

21-11-2024 22:28

241121-2dmhkaylcy 10

Analysis

max time kernel
10s
max time network
1s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 22:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Built.exe
Size

8.4MB
MD5

ab0c18c1152d24e36df057b6630330dc
SHA1

4fd504eb196439de1d918151b82f7a472a42df45
SHA256

f5a3409e62770b9769d8edd41c840257542bf338a0e4718616e217e4a6c41fe3
SHA512

9c17d6077a3f8659e01ca46f6aa06a49a4cb6e2db059de9fab1a5bcbfd074105ecd60243b97da75095f60b02f8a3d6eff2f0eac08fd3cbdf8a53d12454c32187
SSDEEP

196608:3Dg0UwfI9jUC2gYBYv3vbWz9q//zsLe9j3lt:c0rIH2gYBgDWU/7sLkzlt

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

Built.exe

pid process

2716 Built.exe
2716 Built.exe
2716 Built.exe
2716 Built.exe
2716 Built.exe
2716 Built.exe
2716 Built.exe

pid	process
2716	Built.exe
2716	Built.exe
2716	Built.exe
2716	Built.exe
2716	Built.exe
2716	Built.exe
2716	Built.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI17322\python312.dll	upx
behavioral1/memory/2716-75-0x000007FEF5A40000-0x000007FEF6105000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Built.exe

description	pid	process	target process
PID 1732 wrote to memory of 2716	1732	Built.exe	Built.exe
PID 1732 wrote to memory of 2716	1732	Built.exe	Built.exe
PID 1732 wrote to memory of 2716	1732	Built.exe	Built.exe

C:\Users\Admin\AppData\Local\Temp\Built.exe
"C:\Users\Admin\AppData\Local\Temp\Built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Users\Admin\AppData\Local\Temp\Built.exe
  "C:\Users\Admin\AppData\Local\Temp\Built.exe"
  2⤵
  - Loads dropped DLL
  PID:2716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI17322\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
ac4df73c97799aa9f5bec3c5fd78937e

SHA1
6a95f8f24b6faf92580be7d2b587eb43714937e8

SHA256
796896827a8eb53cfc40e49ffd56ce4c5e40671c94b8102f97dce67a351e997c

SHA512
4db9636f306bf851678d4ad12c7b33dfeaeecf65393ac9f843dc5cb7382532644475a653d708dbd1cb6bae4db1b5273e84ce76ee0941649cb02ebca9e7afb44a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17322\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
5bf0d34b49a16004c9b2297502c736da

SHA1
60d30cad05932086fafd87890b40ea798ff5143e

SHA256
94d0ea1ff3707665bbbe9942d000e497306504575bee4e687fa8a51a29b841e6

SHA512
9feaf1e7b602370edb67a2dfa627b09a96aa905b946ffe2af2d595288ed784d43d8e4bb1d29f23f459535b5892d38088dfd9a73fdf636dc21b6d9143f56e77a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17322\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
21077a051ef0f7a06f11b2270920bb9b

SHA1
6d3ae3eabf83c8206ff3eea1c73ac02e1e649de4

SHA256
fb37e0ad35ca4446e9edafdf5c2ac55cae0b40f3a609f6fa63688d2f5bc90df4

SHA512
3bdded7681618d62e430e4ead2101b5e6cc39866eaeb1bb5330234006d86eb884f388cbd3a4e56dbcad02f9573a69f4d9164dbfb58d773fc92bb810b1bf0075f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17322\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
d5cb714b845fbd16f4139412417653bf

SHA1
f3316169ae8909cb2dbf9769d7e253a09b4590d0

SHA256
eb299c380b9149f65ce7be6945a2a2eb0e63bfa87a27759e456b7050eb744cdb

SHA512
f6444115e5de000e13ed0cd13a4adf686974c78b48bd2cf8c1fea8e05f5f5494dae2e74b7706c7651ad4c0cfbeee108fb786878629650d1ed2b8f31d3881e4ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17322\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
7cf41ccd6d1f252d16475a116d9a8f1d

SHA1
3167fca636a5d3306a22924f4edb0aaff6eecbb4

SHA256
049c9a49353416701a0672985800734e515be2b5f5445fb5fb3813845460008e

SHA512
6f7ea04d7d25396e0bf776140cacc42a31e355453d158ca4d88b3b03d0662fe4c9d20b006bb17087375d3d8b87d9f9c70c9c7508e370883033f6cf6a552ad15e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17322\python312.dll

Filesize
1.7MB

MD5
6f7c42579f6c2b45fe866747127aef09

SHA1
b9487372fe3ed61022e52cc8dbd37e6640e87723

SHA256
07642b6a3d99ce88cff790087ac4e2ba0b2da1100cf1897f36e096427b580ee5

SHA512
aadf06fd6b4e14f600b0a614001b8c31e42d71801adec7c9c177dcbb4956e27617fa45ba477260a7e06d2ca4979ed5acc60311258427ee085e8025b61452acec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17322\ucrtbase.dll

Filesize
1.1MB

MD5
b0ceb85c5e954f543abc076fa8de17f9

SHA1
0969b9819d72e24139d1f931c27710e814581d27

SHA256
1e316042bf54883cde951203633b087c2dcfdb2195af0526fb9d686541b14950

SHA512
36d9182a73edcd14949f93dfefd47f513fce5760efb8fa8a111af9001a0752f2dc90a92374aaafa9f58ff58f6603ee9e6efdd49ff5359fe6e69f2e1ef7a6cd73

Download Submit
memory/2716-75-0x000007FEF5A40000-0x000007FEF6105000-memory.dmp

Filesize
6.8MB

Download
memory/2716-76-0x000007FEF5A40000-0x000007FEF6105000-memory.dmp

Filesize
6.8MB

Download