b44e3d50118aa8fab2c74773ca8fd3d57823ee57749cf7ff270a72c381fd2ced

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19-01-2025 22:43

Target

Built.exe
Size

5.9MB
MD5

0c8895de04558da8d5e7b6ea9af319a3
SHA1

a11a7dbb476a08ade3209041ea224e1d64c34430
SHA256

b44e3d50118aa8fab2c74773ca8fd3d57823ee57749cf7ff270a72c381fd2ced
SHA512

11a31f673ddd8fafcc86f7b337250a041fd0c2a968cc13783caa8bb3c7cecd1fef514c1be0ec29b6888cdc4c7ea21299ac7b8a983b8981b444d446ec41718a23
SSDEEP

98304:k7vfrAEHIhSQHXXi65sn6Wfz7pnxCb3AtZC0VZHtKpbzL8SG2XATHbm9Ck6n/yg4:43rAEoYQHJDOYbwtZVZibPpG2QrbsC5W

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2824	Built.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a42d-21.dat	upx
behavioral1/memory/2824-23-0x000007FEF5BC0000-0x000007FEF602E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 2824	1488	Built.exe	30
PID 1488 wrote to memory of 2824	1488	Built.exe	30
PID 1488 wrote to memory of 2824	1488	Built.exe	30

C:\Users\Admin\AppData\Local\Temp\Built.exe
"C:\Users\Admin\AppData\Local\Temp\Built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Users\Admin\AppData\Local\Temp\Built.exe
  "C:\Users\Admin\AppData\Local\Temp\Built.exe"
  2⤵
  - Loads dropped DLL
  PID:2824

C:\Users\Admin\AppData\Local\Temp\_MEI14882\python310.dll

Filesize
1.4MB

MD5
76cb307e13fbbfb9e466458300da9052

SHA1
577f0029ac8c2dd64d6602917b7a26bcc2b27d2b

SHA256
95066c06d9ed165f0b6f34079ed917df1111bd681991f96952d9ee35d37dc615

SHA512
f15b17215057433d88f1a8e05c723a480b4f8bc56d42185c67bb29a192f435f54345aa0f6d827bd291e53c46a950f2e01151c28b084b7478044bd44009eced8f

Download Submit
memory/2824-23-0x000007FEF5BC0000-0x000007FEF602E000-memory.dmp

Filesize
4.4MB

Download