88c55ab735061667e410e08d620b745706e71a7e2a4ed36d5291ff35effa66b2

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-01-2025 20:42

Target

Builder.exe
Size

6.0MB
MD5

90e828d76d0c940ed0b5f276066b52e5
SHA1

2ec6a42f57a74a2196d46d3f01e0870c027f3192
SHA256

88c55ab735061667e410e08d620b745706e71a7e2a4ed36d5291ff35effa66b2
SHA512

751a13956f87592bbe0035b4f01515cc6539ace37cf1d09c052b41c2305b5b97875852697950d7c647f52516ce8a6b825cadab9e8358313dcd42ae7741b670f5
SSDEEP

98304:DsEtdFByLH0amaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RpOnAKXOqaOF/O:DbFELH1eN/FJMIDJf0gsAGK4R8nAKXzo

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2276	Builder.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a486-21.dat	upx
behavioral1/memory/2276-23-0x000007FEF6510000-0x000007FEF697E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 2276	2612	Builder.exe	30
PID 2612 wrote to memory of 2276	2612	Builder.exe	30
PID 2612 wrote to memory of 2276	2612	Builder.exe	30

C:\Users\Admin\AppData\Local\Temp\Builder.exe
"C:\Users\Admin\AppData\Local\Temp\Builder.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Users\Admin\AppData\Local\Temp\Builder.exe
  "C:\Users\Admin\AppData\Local\Temp\Builder.exe"
  2⤵
  - Loads dropped DLL
  PID:2276

C:\Users\Admin\AppData\Local\Temp\_MEI26122\python310.dll

Filesize
1.4MB

MD5
178a0f45fde7db40c238f1340a0c0ec0

SHA1
dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

SHA256
9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

SHA512
4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

Download Submit
memory/2276-23-0x000007FEF6510000-0x000007FEF697E000-memory.dmp

Filesize
4.4MB

Download