f9d11d2df1ed2b41dbd570b2460661a7a006920529d62ed245556c25b5dbdd7c

General

Target

Built.exe
Size

5.9MB
MD5

e50b094baefe8750754bbf9476c71ef9
SHA1

771fcf57f5942ca2c5420886433384822d6ddcc3
SHA256

f9d11d2df1ed2b41dbd570b2460661a7a006920529d62ed245556c25b5dbdd7c
SHA512

47fc5802fcf5bd4b7e09df72a021a2876c447dc0584d56faeb11f63b8263caf7a3c6613eb622e1196c36cb87a1cceee1906150bd2743a7fe1d9c0a7a8930002e
SSDEEP

98304:Qvu+EYYIhBi65sn6Wfz7pnxCjJaWlpx1dstaNoSwKHf1c3z5MOueAeFc9hmkrTto:iEPIjDOYjJlpZstQoS9Hf12VKXrbmC3S

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2948	Built.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001960c-22.dat	upx
behavioral1/memory/2948-24-0x000007FEF6980000-0x000007FEF6DE5000-memory.dmp	upx

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
484	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
484	vlc.exe

Suspicious use of FindShellTrayWindow 15 IoCs

pid	Process
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe
484	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
484	vlc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 2948	2764	Built.exe	31
PID 2764 wrote to memory of 2948	2764	Built.exe	31
PID 2764 wrote to memory of 2948	2764	Built.exe	31

C:\Users\Admin\AppData\Local\Temp\Built.exe
"C:\Users\Admin\AppData\Local\Temp\Built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Users\Admin\AppData\Local\Temp\Built.exe
  "C:\Users\Admin\AppData\Local\Temp\Built.exe"
  2⤵
  - Loads dropped DLL
  PID:2948

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\HideRestore.m4a"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI27642\python310.dll

Filesize
1.4MB

MD5
b93eda8cc111a5bde906505224b717c3

SHA1
5f1ae1ab1a3c4c023ea8138d4b09cbc1cd8e8f9e

SHA256
efa27cd726dbf3bf2448476a993dc0d5ffb0264032bf83a72295ab3fc5bcd983

SHA512
b20195930967b4dc9f60c15d9ceae4d577b00095f07bd93aa4f292b94a2e5601d605659e95d5168c1c2d85dc87a54d27775f8f20ebcacf56904e4aa30f1affba

Download Submit
memory/484-71-0x000007FEF7300000-0x000007FEF7321000-memory.dmp

Filesize
132KB

Download
memory/484-65-0x000007FEF7700000-0x000007FEF7711000-memory.dmp

Filesize
68KB

Download
memory/484-58-0x000000013FFF0000-0x00000001400E8000-memory.dmp

Filesize
992KB

Download
memory/484-61-0x000007FEF8600000-0x000007FEF8618000-memory.dmp

Filesize
96KB

Download
memory/484-73-0x000007FEF5800000-0x000007FEF5811000-memory.dmp

Filesize
68KB

Download
memory/484-63-0x000007FEF7740000-0x000007FEF7751000-memory.dmp

Filesize
68KB

Download
memory/484-64-0x000007FEF7720000-0x000007FEF7737000-memory.dmp

Filesize
92KB

Download
memory/484-80-0x000007FEF56C0000-0x000007FEF5727000-memory.dmp

Filesize
412KB

Download
memory/484-67-0x000007FEF7330000-0x000007FEF7341000-memory.dmp

Filesize
68KB

Download
memory/484-79-0x000007FEF5730000-0x000007FEF5760000-memory.dmp

Filesize
192KB

Download
memory/484-60-0x000007FEF6B30000-0x000007FEF6DE6000-memory.dmp

Filesize
2.7MB

Download
memory/484-68-0x000007FEF6920000-0x000007FEF6B2B000-memory.dmp

Filesize
2.0MB

Download
memory/484-72-0x000007FEF7170000-0x000007FEF7188000-memory.dmp

Filesize
96KB

Download
memory/484-74-0x000007FEF57E0000-0x000007FEF57F1000-memory.dmp

Filesize
68KB

Download
memory/484-70-0x000007FEF5820000-0x000007FEF5861000-memory.dmp

Filesize
260KB

Download
memory/484-83-0x000007FEF55C0000-0x000007FEF5617000-memory.dmp

Filesize
348KB

Download
memory/484-62-0x000007FEF7930000-0x000007FEF7947000-memory.dmp

Filesize
92KB

Download
memory/484-59-0x000007FEF8330000-0x000007FEF8364000-memory.dmp

Filesize
208KB

Download
memory/484-66-0x000007FEF7350000-0x000007FEF736D000-memory.dmp

Filesize
116KB

Download
memory/484-78-0x000007FEF5760000-0x000007FEF5778000-memory.dmp

Filesize
96KB

Download
memory/484-77-0x000007FEF5780000-0x000007FEF5791000-memory.dmp

Filesize
68KB

Download
memory/484-76-0x000007FEF57A0000-0x000007FEF57BB000-memory.dmp

Filesize
108KB

Download
memory/484-75-0x000007FEF57C0000-0x000007FEF57D1000-memory.dmp

Filesize
68KB

Download
memory/484-81-0x000007FEF5640000-0x000007FEF56BC000-memory.dmp

Filesize
496KB

Download
memory/484-82-0x000007FEF5620000-0x000007FEF5631000-memory.dmp

Filesize
68KB

Download
memory/484-90-0x000007FEF2D10000-0x000007FEF2D27000-memory.dmp

Filesize
92KB

Download
memory/484-89-0x000007FEF54D0000-0x000007FEF54E2000-memory.dmp

Filesize
72KB

Download
memory/484-88-0x000007FEF54F0000-0x000007FEF5501000-memory.dmp

Filesize
68KB

Download
memory/484-69-0x000007FEF5870000-0x000007FEF6920000-memory.dmp

Filesize
16.7MB

Download
memory/484-87-0x000007FEF5510000-0x000007FEF5533000-memory.dmp

Filesize
140KB

Download
memory/484-86-0x000007FEF5540000-0x000007FEF5558000-memory.dmp

Filesize
96KB

Download
memory/484-85-0x000007FEF5560000-0x000007FEF5584000-memory.dmp

Filesize
144KB

Download
memory/484-84-0x000007FEF5590000-0x000007FEF55B8000-memory.dmp

Filesize
160KB

Download
memory/2948-24-0x000007FEF6980000-0x000007FEF6DE5000-memory.dmp

Filesize
4.4MB

Download

Analysis

Sharing