92160793e5ff95e98ce5dc7bd9745321428bee777bf26dbf7d93d2a047c25a67

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-01-2025 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Built.exe
Size

8.3MB
MD5

62a469d3aa39ba22e5d7126c01311b4e
SHA1

4f8913b11e8005c07f785d635b5d4cb549095b3c
SHA256

92160793e5ff95e98ce5dc7bd9745321428bee777bf26dbf7d93d2a047c25a67
SHA512

54abbd4831329ec14942010957f640b18723d7f3cdc52a4539afb74b3414a9346d65630179e661147e0cc87c021644e0fae43e9fcf981aedc1c791788e9543d2
SSDEEP

196608:+J1d2SrgwfI9jUCnORird1KfbLOYDn/N2oc+nBIdAxS:yyy/IHOQ76b7VnnBIz

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2844	Built.exe
2844	Built.exe
2844	Built.exe
2844	Built.exe
2844	Built.exe
2844	Built.exe
2844	Built.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2844-74-0x000007FEF6190000-0x000007FEF6851000-memory.dmp	upx
behavioral1/files/0x000500000001a30e-73.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2844	2336	Built.exe	30
PID 2336 wrote to memory of 2844	2336	Built.exe	30
PID 2336 wrote to memory of 2844	2336	Built.exe	30

C:\Users\Admin\AppData\Local\Temp\Built.exe
"C:\Users\Admin\AppData\Local\Temp\Built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Users\Admin\AppData\Local\Temp\Built.exe
  "C:\Users\Admin\AppData\Local\Temp\Built.exe"
  2⤵
  - Loads dropped DLL
  PID:2844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\_MEI23362\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
6b280015cf873517051ccbda728dea4b

SHA1
c83f9bc0e27eb1969559d6aeaa268c99a5a4dde1

SHA256
f2a0d0fc3d24e72f3cc46111d7166ab8a4511674b73617d2019f235c61b30654

SHA512
fcb108b3a95d13059434415c3d054669b4741c85f4a21dc60f69af870a306aa6c2726b03e746f9ad5ff916cfc23a1bc1ed541e635b4720e430b334e921e568e1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23362\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
37fcc989b5ae55d0d18ee69edf57f6c6

SHA1
c4b2cdc1aee7137fbe4993b03859e9fb45fc3e14

SHA256
4047ec069444b0b466c4b375bd55aa1e1b6c177bda61eca391969b3d0d07f534

SHA512
bcbf7c4bd709ab1b7fbac483bf2b002abaac93e7e74ec465c31ab9ece6cd7874ffeced5a998302514e3f0cf15e571c09d7197d146f6fe490dbf429ea2a964d4c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23362\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
d48de46dc141d9cad89cd97a9ac326da

SHA1
6ae6491924a7ea716f907490cf1851da014ee3c5

SHA256
aaacc72a5e85ceb15181b4604683543f81b37dd1d5215d647ff3fb464935f890

SHA512
6bcd7f62c293f8a3aea9937c4520851babd8ed796b138860e3e3aac7bb95715b5987485f8ee8255209bbb704e73e833d4cddf1c8e57bd2a39448dc292bb4f6ce

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23362\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
d23eb2dbfb3094b4bd37cb304f6c2a8d

SHA1
9f2ed84b2a8d46bd8ca0704917e95a44c3426ef3

SHA256
af4d0083bac90404962e846a91385fc10b62dc739d1a763ec11950636a62a1f3

SHA512
d1cfbcdb9f97958593c561c3e7bdf6da7fe1ab586592c74bff7dd5cf1296fb2f5f7139ebeebe55bf4ae62c4043819955fc6764a6e724e00e9bbdb77d52d8f7b6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23362\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
a9b11e4a24f3dfd567f79e1fca5375d2

SHA1
90a76ed33255c1db551fe95debbefdf07d3617a3

SHA256
df91a750aad544f3c1048d2b397890aa91282e115652ac833639196f8e945a3d

SHA512
2fc0163d74fb121d4d426b99ba70c65a1f847c9b867fad0f86e9caa7b295e101958b2bf05a8b2498fbe0027cad71ea8c09ece3e5d2c4d707936e42c21f840236

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23362\python312.dll

Filesize
1.7MB

MD5
3c5c6c489c358149c970b3b2e562be5f

SHA1
2f1077db20405b0a176597ed34a10b4730af3ca9

SHA256
73a22a12ea3d7f763ed2cea94bb877441f4134b40f043c400648d85565757741

SHA512
d3fb4e5df409bf2de4f5dc5d02d806aee649a21c339c648248b835c3d5d66ab88312c076c149eaadaa3ce0fb43e6fa293bfa369d8876d6eb18742bd9d12448e3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23362\ucrtbase.dll

Filesize
987KB

MD5
907116582b20dab2c7952d283b2859e0

SHA1
92ed93d90e3dbed0bede26684618cdf40824f3f7

SHA256
aaada1f31f5862c7f7ebd68b15a4b854465d9e0c525228632ab6c85c2f321acb

SHA512
eb468b1537c299ddb486d6b8ebf4edf5821458bd012400b995c4c2d351aee67e5e292f5828baef07cc52a8c57940cb0d7cda7a99ef83e21978818fd28a7e4bc4

Download Submit
memory/2844-74-0x000007FEF6190000-0x000007FEF6851000-memory.dmp

Filesize
6.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads