5cee733f99f419f1e9592b5a853cc61a1b9ac3687318e4023e8e1f73751c5374

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-01-2025 18:53

Target

Built.exe
Size

7.4MB
MD5

b935460bd7e51e07216c875dbdafada2
SHA1

0b330bb8c34b27dee5e97d1f1e99363114bcba99
SHA256

5cee733f99f419f1e9592b5a853cc61a1b9ac3687318e4023e8e1f73751c5374
SHA512

d3d4a602923b5cdc29f006390c12d84ccc6e1649b3ab549da5d05a2e2f5c2438bc844ffb4c3ba96e915b7345401f149de5698522b625205317dcebd6b296386d
SSDEEP

196608:Df0cD7+Ljv+bhqNVoBKUh8mz4Iv9PCH1o3th:AieL+9qz8/b4IAGth

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2576	Built.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0006000000017570-21.dat	upx
behavioral1/memory/2576-23-0x000007FEF55C0000-0x000007FEF5BA9000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2576	2676	Built.exe	31
PID 2676 wrote to memory of 2576	2676	Built.exe	31
PID 2676 wrote to memory of 2576	2676	Built.exe	31

C:\Users\Admin\AppData\Local\Temp\Built.exe
"C:\Users\Admin\AppData\Local\Temp\Built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Users\Admin\AppData\Local\Temp\Built.exe
  "C:\Users\Admin\AppData\Local\Temp\Built.exe"
  2⤵
  - Loads dropped DLL
  PID:2576

C:\Users\Admin\AppData\Local\Temp\_MEI26762\python311.dll

Filesize
1.6MB

MD5
0b66c50e563d74188a1e96d6617261e8

SHA1
cfd778b3794b4938e584078cbfac0747a8916d9e

SHA256
02c665f77db6b255fc62f978aedbe2092b7ef1926836290da68fd838dbf2a9f2

SHA512
37d710cb5c0ceb5957d11b61684cfbc65951c1d40ab560f3f3cb8feca42f9d43bd981a0ff44c3cb7562779264f18116723457e79e0e23852d7638b1a954a258f

Download Submit
memory/2576-23-0x000007FEF55C0000-0x000007FEF5BA9000-memory.dmp

Filesize
5.9MB

Download