29a1811536be10311519f8c8bfc783de43b830c5bbfb208b19c62001b1d82ff2

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-01-2025 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Built.exe
Size

6.6MB
MD5

36b01be67c9129366da05580375d2dd5
SHA1

2f99c4f4f2e1e5b51984a8ba5764417c2a658cdf
SHA256

29a1811536be10311519f8c8bfc783de43b830c5bbfb208b19c62001b1d82ff2
SHA512

56a37685656de3da9fb25c76d79c173cfa9d5f33212fae79bad83682946560506614ae69805eb8da00ce167e3fe6fb1199c57271e6c62869dcbf8ce37e773a7b
SSDEEP

196608:3ZmDXB9RHvUWvozWOxu9kXwvdbDlA03NQ8nwm2FlJKDry:JGXbRHdKbAlbZA03m8wm25KHy

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2772	Built.exe
2772	Built.exe
2772	Built.exe
2772	Built.exe
2772	Built.exe
2772	Built.exe
2772	Built.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0005000000019c50-74.dat	upx
behavioral1/memory/2772-75-0x000007FEF6360000-0x000007FEF67CA000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2772	2360	Built.exe	30
PID 2360 wrote to memory of 2772	2360	Built.exe	30
PID 2360 wrote to memory of 2772	2360	Built.exe	30

C:\Users\Admin\AppData\Local\Temp\Built.exe
"C:\Users\Admin\AppData\Local\Temp\Built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\AppData\Local\Temp\Built.exe
  "C:\Users\Admin\AppData\Local\Temp\Built.exe"
  2⤵
  - Loads dropped DLL
  PID:2772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI23602\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
75c8a3c1dfe2096f1a2c6ba51de7196f

SHA1
eb17720383791d75ccc2ed729900c1e8e8165504

SHA256
3d95961590fe6da5c569bcb0a54651488e70dd7b15c257e1b9faf8a3cc0e63e4

SHA512
8c6af5c49a321d60b14032780bf6d93a51ed7fe97940e06dfb251d295f51f2788cd7931a848cea94607d81acb9bb225086dd879159e67cda0c355173e69543ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23602\ucrtbase.dll

Filesize
1.1MB

MD5
6a44a2235d33b3f154fc50dc72e8ea61

SHA1
e98127a010bc6555e50e2ce7eba6ead8d8e13bf3

SHA256
91d027417ff2301b7135e864a5df6693488f8412ff87040f4897e0e03bc2577b

SHA512
057595ef00dc41aab49d654dc1b8dfdfaad58a3e2cf764db71090413b04e07c618d4592b390d170a4fbbc02f04c68f11b382258e3bf13a1791c6bfc97df7687b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23602\api-ms-win-core-file-l2-1-0.dll

Filesize
21KB

MD5
855bea02e0a624407c36b109b841db59

SHA1
d812734104a7fcce9ef86ba9239d106ef8d27395

SHA256
c6515fb573cd8190ebc401aab4646069066205ee9eeca548ae5ddbec3633336b

SHA512
23a14f6c86a8f986322dd1f7efee0b9a20e12e6d141994d3fd165d0df22513d63efb3fab8945879466b053f09fe0d2153c183c1d738530844eec465318e94ff1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23602\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
7f629d273ac801725d19df76990a68df

SHA1
dc6ce7553e3ccecbc2f74cccb6760a9fae910594

SHA256
945dacfe53f62d83acd0537a6712658558faafb18f68b76b88127db78482fd8f

SHA512
af51a9f8704d909185601c642d966cf99f53d2867dd4c5326f602ce279fcde916f9ef1d458740242c02078f9bc8867d8cb8a41332590c45983ddf349d1cfb05e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23602\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
6362e38d6c8138711da8f3be9bcc72cd

SHA1
b0827e51f1a45cdfed76e7636ea334255d7ddbeb

SHA256
73fabc60a9b24c1eb65ec886a59a190046af5853800572df1d48634417a15729

SHA512
bac37bf61221355a1b43a7e7b3a65ff6d08790898e7e9719f2a776ee55db0cfe036d721d216bb95454dd1375c322298eea54fba2054d9a41e3aad6d60ec41507

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23602\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
ef40498ce0b6cf020d9ea8ed88992584

SHA1
2fc258982ffeca396e50bff27a4b2e283c14b051

SHA256
003751ed79881bce98017b66206a2ba411321edd61fd51768779f29dfa99968d

SHA512
95c8573b336f2f2fb5ec580340af406a0742d73d4a3d160b22436dfc0bebd36d15f6019a4b3da1507b8b8970b954196723114185bef91336aeb226bb2f45ecd1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23602\python310.dll

Filesize
1.4MB

MD5
b3ae142a88ff3760a852ba7facb901bc

SHA1
ad23e5f2f0cc6415086d8c8273c356d35fa4e3ee

SHA256
2291ce67c4be953a0b7c56d790b6cc8075ec8166b1b2e05d71f684c59fdd91a5

SHA512
3b60b8b7197079d629d01440ed78a589c6a18803cc63cdeac1382dc76201767f18190e694d2c1839a72f6318e39dba6217c48a130903f72e47fa1db504810c1c

Download Submit
memory/2772-75-0x000007FEF6360000-0x000007FEF67CA000-memory.dmp

Filesize
4.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads