c56c00ca3f42026f17affef76b3752f268d1498f862b3143985ca7c1d33feb39

Resubmissions

21-01-2025 11:18

max time kernel
120s
max time network
131s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 11:18

Target

Built.exe
Size

33.3MB
MD5

bf496771139b8b76ab7e2e3813ce78a3
SHA1

949686fc9af5710904902044e92b0397b337d814
SHA256

92118eac9bf1f5e9cf45e2773f74163202f609125e8f0aa0a077446e6f1cd4d1
SHA512

ce9ab86130380ffc378ae3cd14c67c94f6034631821392aba9c8946eec07591311e7942b45cfe2dacfcae6cfe73495937be9b81790ea66824c3212fcb9cd3bc2
SSDEEP

786432:8Nz4CWGpXkqva096PzXf4mWy1DlIF1qqHdbrtTqslFEO:IkCWGJ446rPu/FQqjqwFd

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2700	Built.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral19/files/0x000500000001a491-22.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 2700	2948	Built.exe	30
PID 2948 wrote to memory of 2700	2948	Built.exe	30
PID 2948 wrote to memory of 2700	2948	Built.exe	30

C:\Users\Admin\AppData\Local\Temp\Built.exe
"C:\Users\Admin\AppData\Local\Temp\Built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Users\Admin\AppData\Local\Temp\Built.exe
  "C:\Users\Admin\AppData\Local\Temp\Built.exe"
  2⤵
  - Loads dropped DLL
  PID:2700

C:\Users\Admin\AppData\Local\Temp\_MEI29482\python310.dll

Filesize
1.4MB

MD5
3f782cf7874b03c1d20ed90d370f4329

SHA1
08a2b4a21092321de1dcad1bb2afb660b0fa7749

SHA256
2a382aff16533054e6de7d13b837a24d97ea2957805730cc7b08b75e369f58d6

SHA512
950c039eb23ed64ca8b2f0a9284ebdb6f0efe71dde5bbf0187357a66c3ab0823418edca34811650270eea967f0e541eece90132f9959d5ba5984405630a99857

Download Submit
memory/2700-24-0x000007FEF5C50000-0x000007FEF60B6000-memory.dmp

Filesize
4.4MB

Download