a2e85d2d5c5bef45f3607c78d62e8f688d34fc15fc58180a86711ac5b1bf3763 | Triage

Analysis

max time kernel
2s
max time network
5s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 16:34

Sharing

Report Analysis Logs

General

Target

Builder.exe
Size

7.6MB
MD5

d14ac81cf4ef57049f5df85cb86a1009
SHA1

278ac5f19ab61feebf6bb1cfeea4f79103025692
SHA256

a2e85d2d5c5bef45f3607c78d62e8f688d34fc15fc58180a86711ac5b1bf3763
SHA512

ac1c39f197df9d7d60684016caed0eebdaffe84b88776969c8ccbd33422eeabaaa6ec8aab24f5bee12bfcfa08034fabaf5b2450765e4af6286b992a8f8251644
SSDEEP

196608:qQD+kdFf/wfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNW9:N5nfUIHL7HmBYXrYoaUNq

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019643-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2980	2240	Builder.exe	30
PID 2240 wrote to memory of 2980	2240	Builder.exe	30
PID 2240 wrote to memory of 2980	2240	Builder.exe	30

C:\Users\Admin\AppData\Local\Temp\Builder.exe
"C:\Users\Admin\AppData\Local\Temp\Builder.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Users\Admin\AppData\Local\Temp\Builder.exe
  "C:\Users\Admin\AppData\Local\Temp\Builder.exe"
  2⤵
  PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22402\python313.dll

Filesize
669KB

MD5
8e688a968ab93fb2daca73bca139ef3a

SHA1
b807ddd6ef9f35205fe7e3c4050bc1b357eef97a

SHA256
e1329323580774f1ae1eb777d5a06266fc4593c302ff1d1c4b9166188114a95c

SHA512
8f8ce34237427ce6a9f3502be8b36d331c09b97c4f6a9eb3080294f02885bdee9b5749ca9f7130cae81b8a9cf6bdb269ab7aaef57951f359a354ce54c5e2596c

Download Submit